Tripwire's October 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.
First on the patch priority is a patch for Microsoft Edge (Chromium-based) that resolves a type confusion vulnerability.
Next on the patch priority list this month are patches for Microsoft Office that resolve 3 elevation of privilege vulnerabilities.
Next are patches that affect components of the core Windows operating system. These patches resolve over 60 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect core Windows, Kernel, Streaming Service, TCP/IP, Microsoft Message Queuing, ReFS, Win32k, Container Manager Service, Layer 2 Tunneling Protocol, IKE, MSHTML, RDP, and others.
Lastly, administrators should focus on server-side patches for IIS, Skype for Business, Azure DevOps Server, Dynamics, SQL Server, DHCP Server, Active Directory Domain Services, and Exchange. These patches resolve numerous issues including remote code execution, spoofing, cross site scripting, elevation of privilege, and information disclosure vulnerabilities.
|
BULLETIN |
CVE |
|
CVE-2023-5346 |
|
|
CVE-2023-36568, CVE-2023-36569, CVE-2023-36565 |
|
|
CVE-2023-36726, CVE-2023-36721, CVE-2023-36704, CVE-2023-36720, CVE-2023-36557, CVE-2023-36436, CVE-2023-36790, CVE-2023-29348, CVE-2023-36702, CVE-2023-36710, CVE-2023-36717, CVE-2023-36718, CVE-2023-36585, CVE-2023-36724, CVE-2023-36584, CVE-2023-36707, CVE-2023-36706, CVE-2023-36567, CVE-2023-38159, CVE-2023-36594, CVE-2023-36712, CVE-2023-36576, CVE-2023-36698, CVE-2023-36564, CVE-2023-36596, CVE-2023-41773, CVE-2023-41770, CVE-2023-41771, CVE-2023-41774, CVE-2023-38166, CVE-2023-41765, CVE-2023-41767, CVE-2023-41769, CVE-2023-41768 |
|
|
CVE-2023-41766, CVE-2023-36902, CVE-2023-36709, CVE-2023-36563, CVE-2023-36577, CVE-2023-36711, CVE-2023-36435, CVE-2023-38171, CVE-2023-36725, CVE-2023-36602, CVE-2023-36603, CVE-2023-36438, CVE-2023-36431, CVE-2023-36606, CVE-2023-36581, CVE-2023-36579, CVE-2023-36697, CVE-2023-35349, CVE-2023-36590, CVE-2023-36591, CVE-2023-36582, CVE-2023-36592, CVE-2023-36593, CVE-2023-36589, CVE-2023-36583, CVE-2023-36572, CVE-2023-36573, CVE-2023-36570, CVE-2023-36571, CVE-2023-36574, CVE-2023-36575, CVE-2023-36578, CVE-2023-36701, CVE-2023-41772, CVE-2023-36731, CVE-2023-36732, CVE-2023-36776, CVE-2023-36743, CVE-2023-36723, CVE-2023-36566, CVE-2023-36729, CVE-2023-36605, CVE-2023-44487, CVE-2023-36713 |
|
|
CVE-2023-36434 |
|
|
CVE-2023-36778 |
|
|
CVE-2023-41763, CVE-2023-36789, CVE-2023-36786, CVE-2023-36780 |
|
|
CVE-2023-36703 |
|
|
CVE-2023-36429, CVE-2023-36433, CVE-2023-36416 |
|
|
CVE-2023-36722 |
|
|
CVE-2023-36561 |
|
|
CVE-2023-36420, CVE-2023-36785, CVE-2023-36730, CVE-2023-36417, CVE-2023-36728, CVE-2023-36598 |
Mastering Security Configuration Management
Master Security Configuration Management with Tripwire's guide on best practices. This resource explores SCM's role in modern cybersecurity, reducing the attack surface, and achieving compliance with regulations. Gain practical insights for using SCM effectively in various environments.
