Tripwire's October 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe.
First on the patch priority list this month are patches for Chromium and Microsoft Edge based on Chromium. These patches resolve over 10 issues such as user-after-free, insufficient policy enforcement, and out-of-bounds write vulnerabilities.
Up next are patches for Microsoft Office and Word that resolve 5 vulnerabilities, including remote code execution, information disclosure, and spoofing vulnerabilities.
Next are patches for Adobe Reader and Acrobat. These patches resolve 6 vulnerabilities such as NULL pointer dereference, use-after-free, stack-based overflow, and out-of-bounds read.
Up next are patches that affect components of the core Windows operating system. These patches resolve over 60 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect core Windows, Kernel, TCP/IP, ALPC, Fax Service, Point-to-Point Tunneling Protocol, ODBC Driver, DWM core Library, Graphics, and others.
Next are patches for Visual Studio Code that resolve 3 vulnerabilities including remove code execution, information disclosure, and elevation of privilege.
Lastly, administrators should focus on server-side patches for LDAP, Distributed File System (DFS), SharePoint, Active Directory, and Hyper-V. These patches resolve elevation of privilege, denial of service, spoofing, and remote code execution vulnerabilities.
|
BULLETIN |
CVE |
|
CVE-2022-3304, CVE-2022-3307, CVE-2022-3308, CVE-2022-3310, CVE-2022-3311, CVE-2022-3313, CVE-2022-3315, CVE-2022-3316, CVE-2022-3317, CVE-2022-3370, CVE-2022-3373, CVE-2022-41035 |
|
|
CVE-2022-38049, CVE-2022-41031 |
|
|
CVE-2022-41043, CVE-2022-38048, CVE-2022-38001 |
|
|
CVE-2022-35691, CVE-2022-38437, CVE-2022-38450, CVE-2022-42339, CVE-2022-38449, CVE-2022-42342 |
|
|
CVE-2022-38034, CVE-2022-38030, CVE-2022-38032, CVE-2022-37975, CVE-2022-37998, CVE-2022-37973, CVE-2022-38036, CVE-2022-37965, CVE-2022-38046, CVE-2022-37974, CVE-2022-38041, CVE-2022-38021, CVE-2022-38043, CVE-2022-33635, CVE-2022-38051, CVE-2022-37997, CVE-2022-37985, CVE-2022-37986, CVE-2022-37995, CVE-2022-37990, CVE-2022-37991, CVE-2022-37988, CVE-2022-38038, CVE-2022-38039, CVE-2022-38037, CVE-2022-38022, CVE-2022-37983, CVE-2022-37970, CVE-2022-37977, CVE-2022-30198, CVE-2022-38047 |
|
|
CVE-2022-41081, CVE-2022-24504, CVE-2022-22035, CVE-2022-38000, CVE-2022-33634, CVE-2022-38040, CVE-2022-41032, CVE-2022-37987, CVE-2022-37989, CVE-2022-37971, CVE-2022-35770, CVE-2022-34689, CVE-2022-38016, CVE-2022-37994, CVE-2022-37993, CVE-2022-37999, CVE-2022-37981, CVE-2022-37982, CVE-2022-38031, CVE-2022-38050, CVE-2022-33645, CVE-2022-38003, CVE-2022-41033, CVE-2022-38028, CVE-2022-38027, CVE-2022-37984, CVE-2022-38029, CVE-2022-37980, CVE-2022-38026, CVE-2022-38044, CVE-2022-37996 |
|
|
CVE-2022-41083, CVE-2022-41042, CVE-2022-41034 |
|
|
CVE-2022-38033, CVE-2022-38045 |
|
|
CVE-2022-38025 |
|
|
CVE-2022-38042, CVE-2022-37976, CVE-2022-37978 |
|
|
CVE-2022-38053, CVE-2022-41036, CVE-2022-41037, CVE-2022-41038 |
|
|
CVE-2022-37979 |
Mastering Security Configuration Management
Master Security Configuration Management with Tripwire's guide on best practices. This resource explores SCM's role in modern cybersecurity, reducing the attack surface, and achieving compliance with regulations. Gain practical insights for using SCM effectively in various environments.
