Tripwire's September 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.
First on the patch priority list this month are patches for Chromium and Microsoft Edge based on Chromium. These patches resolve over 20 issues such as user-after-free, insufficient policy enforcement, out-of-bounds write, and heap buffer overflow vulnerabilities.
Up next are patches for Microsoft PowerPoint and Viso that resolve 3 remote code execution vulnerabilities.
Up next are patches that affect components of the core Windows operating system. These patches resolve over 55 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect core Windows, Kernel, Photo Import, AV1 Video Extension, SPNEG, Event Tracing, OLE, ODBC, Secure Channel, TCP/IP, ALPC, Fax Service, and others.
Next are patches for .NET Framework, Visual Studio Code, and Visual Studio. The patches resolve 3 vulnerabilities including remote code execution, denial of service, and elevation of privilege.
Lastly, administrators should focus on server-side patches for LDAP, Distributed File System (DFS), Dynamics, SharePoint, HTTP, DNS, and Endpoint Configuration Manager. These patches resolve elevation of privilege, denial of service, spoofing, and remote code execution vulnerabilities.
|
BULLETIN |
CVE |
|
CVE-2022-3038, CVE-2022-3039, CVE-2022-3040, CVE-2022-3041, CVE-2022-3044, CVE-2022-3045, CVE-2022-3046, CVE-2022-3047, CVE-2022-3053, CVE-2022-3054, CVE-2022-3055, CVE-2022-3056, CVE-2022-3057, CVE-2022-3058, CVE-2022-3075, CVE-2022-3195, CVE-2022-3196, CVE-2022-3197, CVE-2022-3198, CVE-2022-3199, CVE-2022-3200, CVE-2022-38012, CVE-2022-38012 |
|
|
CVE-2022-37962 |
|
|
CVE-2022-37963, CVE-2022-38010 |
|
|
CVE-2022-35828, CVE-2022-34720, CVE-2022-34720, CVE-2022-34721, CVE-2022-34722, CVE-2022-37955, CVE-2022-34723, CVE-2022-34723, CVE-2022-35841, CVE-2022-23960, CVE-2022-38019, CVE-2022-38011, CVE-2022-26928, CVE-2022-37954, CVE-2022-34729, CVE-2022-38006, CVE-2022-34728, CVE-2022-35837, CVE-2022-37958, CVE-2022-37958, CVE-2022-35832, CVE-2022-37964, CVE-2022-37956, CVE-2022-37957, CVE-2022-37959, CVE-2022-37959, CVE-2022-35831, CVE-2022-35840, CVE-2022-34733, CVE-2022-34731, CVE-2022-35836, CVE-2022-35835, CVE-2022-35834, CVE-2022-35830, CVE-2022-34726, CVE-2022-34727, CVE-2022-34734, CVE-2022-34732, CVE-2022-34730, CVE-2022-35840, CVE-2022-34733, CVE-2022-34731, CVE-2022-35836, CVE-2022-35835, CVE-2022-35834, CVE-2022-30196, CVE-2022-35833, CVE-2022-34718, CVE-2022-33679, CVE-2022-33647, CVE-2022-30170, CVE-2022-38005, CVE-2022-34725, CVE-2022-38004, CVE-2022-37969, CVE-2022-35803 |
|
|
CVE-2022-26929, CVE-2022-38020, CVE-2022-38013 |
|
|
CVE-2022-30200, CVE-2022-30200 |
|
|
CVE-2022-34719, CVE-2022-34719 |
|
|
CVE-2022-34700, CVE-2022-35805 |
|
|
CVE-2022-35823, CVE-2022-37961, CVE-2022-38009, CVE-2022-38008 |
|
|
CVE-2022-35838 |
|
|
CVE-2022-34724 |
|
|
CVE-2022-37972 |
Mastering Security Configuration Management
Master Security Configuration Management with Tripwire's guide on best practices. This resource explores SCM's role in modern cybersecurity, reducing the attack surface, and achieving compliance with regulations. Gain practical insights for using SCM effectively in various environments.
