Tripwire's February 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe and Oracle.

| BULLETIN | CVE |
|---|---|
| Adobe Flash APSB18-03 | CVE-2018-4878, CVE-2018-4877 |
| Microsoft Browser | CVE-2018-0763, CVE-2018-0839, CVE-2018-0771 |
| Microsoft Scripting Engine | CVE-2018-0840, CVE-2018-0860, CVE-2018-0861, CVE-2018-0866, CVE-2018-0838, CVE-2018-0859, CVE-2018-0857, CVE-2018-0856, CVE-2018-0835, CVE-2018-0834, CVE-2018-0837, CVE-2018-0836 |
| Microsoft Office | CVE-2018-0853, CVE-2018-0851 |
| Microsoft Outlook | CVE-2018-0850, CVE-2018-0852 |
| Microsoft SharePoint | CVE-2018-0864, CVE-2018-0869 |
| Windows Kernel | CVE-2018-0809, CVE-2018-0820, CVE-2018-0742, CVE-2018-0756, CVE-2018-0831, CVE-2018-0843, CVE-2018-0829, CVE-2018-0757, CVE-2018-0810, CVE-2018-0830, CVE-2018-0832 |
| Windows | CVE-2018-0833, CVE-2018-0828 |
| Windows Miscellaneous | CVE-2018-0823, CVE-2018-0825, CVE-2018-0821, CVE-2018-0844, CVE-2018-0846, CVE-2018-0755, CVE-2018-0761, CVE-2018-0760, CVE-2018-0855, CVE-2018-0822, CVE-2018-0842, CVE-2018-0847, CVE-2018-0827, CVE-2018-0826 |

First on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux, and Chrome OS. These Adobe Flash patches address two use-after-free vulnerabilities that can lead to remote code execution upon successful exploitation.
NOTE: Adobe reports that one of these vulnerabilities (CVE-2018-4878) has been exploited in the wild and has been used to target Windows users. Administrators should install these patches as soon as possible. Please refer to Adobe Security Notification APSB18-03 for more details.
Next up on the patch priority list this month are patches for Microsoft browsers and scripting engine. These patches address two information disclosure and one security feature bypass vulnerabilities in Microsoft Edge and 13 memory corruption vulnerabilities in the scripting engine.
Up next are patches for Microsoft Office, Outlook and SharePoint. These patches address six vulnerabilities, including information disclosure, memory corruption and elevation of privilege.
Next, administrators should focus on patches for the Windows Kernel. These patches address five elevation of privilege vulnerabilities and six information disclosure vulnerabilities.
Lastly for this month, administrators should focus on patching the remaining Microsoft February 2018 patches that resolve 16 vulnerabilities in Windows, Named Pipe File System, StructuredQuery, AppContainer, Common Log File System, EOT Font Engine, NTFS and Storage Services.