Tripwire's April 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google Chrome, Oracle, and Adobe.First on the patch priority list this month is an elevation of privilege vulnerability in the Microsoft Windows User Profile Service. This vulnerability has been added to the Metasploit Exploit Framework and any...

Tripwire's March 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google Chrome, and Spring Framework.First on the patch priority list this month is a remote code execution vulnerability in the Spring Framework (CVE-2022-22965). This vulnerability has been added to the Metasploit Exploit Framework and any...

Tripwire's February 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the patch priority list this month is a vulnerability for Microsoft Windows LSA (CVE-2021-36942). This vulnerability has been added to Metasploit Exploit Framework and any vulnerable systems should be patched as soon as possible.Up next...

Tripwire's January 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Apache, Open Source Policy Kit, Adobe, and Microsoft.First on the patch priority list this month are patches for Apache Log4j2 vulnerabilities, most importantly for the Log4j2 "LogShell" remote code execution vulnerability (CVE-2021-44228). This...

Tripwire's December 2021 Patch Priority Index (PPI) brings together important vulnerabilities for Apache, Ubuntu Linux Kernel, and Microsoft.First on the patch priority list this month are patches for Apache Log4j2 vulnerabilities, most importantly for the Log4j2 "LogShell" remote code execution vulnerability. There are many attack vectors via various...

Tripwire's November 2021 Patch Priority Index (PPI) brings together important vulnerabilities for open-source software components and Microsoft. First on the patch priority list this month are patches for Open Management Infrastructure (CVE-2021-38648, CVE-2021-38647), Eclipse Jetty (CVE-2021-28164), and ExifTool (CVE-2021-22204). Exploits for...

Tripwire's October 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Squid, Microsoft, and Adobe.First on the patch priority list this month are patches for Squid (CVE-2021-31807, CVE-2021-31806). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be...

Tripwire's September 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, Linux, and Confluence.First on the patch priority list this month are patches for the Linux kernel (CVE-2021-3490) and Confluence Server and Data Center (CVE-2021-26084). Exploits for these vulnerabilities have been recently added to...

Tripwire's August 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft.First on the patch priority list this month are patches for Microsoft Exchange Server (CVE-2021-34523, CVE-2021-34473, and CVE-2021-31207). These vulnerabilities have seen active exploitation. Also, exploits for these vulnerabilities have been...

In this episode, Greg Wilson, CISO of Docupace, discussed the rise of ransomware during uncertain times (i.e. COVID pandemic), whether it’s here to stay, and how to prevent damage with security hygiene. https://open.spotify.com/episode/24huDJTPDj7JyOxa1CODge?si=80455f6634a94ee6 Spotify: https://open.spotify.com/show/5UDKiGLlzxhiGnd6FtvEnm...

Tripwire's July 2021 Patch Priority Index (PPI) brings together important vulnerabilities from VMware, Adobe, Oracle, and Microsoft.First on the patch priority list this month are patches for Microsoft Print Spooler (CVE-2021-34527, CVE-2021-1675) and vSphere Client (CVE-2021-21985). Exploits for these vulnerabilities have been recently added to the...

Tripwire's June 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Cacti, Docker, Adobe, and Microsoft.First on the patch priority list this month are patches for Microsoft SharePoint (CVE-2021-31181), Cacti (CVE-2020-14295), and Docker (CVE-2019-5736). Exploits for these vulnerabilities have been recently added to the...

Tripwire's May 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Google Chrome, Adobe and Microsoft.First on the patch priority list this month are patches for macOS (CVE-2021-30657) and Google Chrome (CVE-2021-21220). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These...

Tripwire's April 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Google Chrome and Microsoft.First on the patch priority list this month are patches for insufficient input validation vulnerabilities in Google Chrome (Chromium). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit...

Tripwire's March 2021 Patch Priority Index (PPI) brings together important vulnerabilities from SaltStack, VWware, BIG-IP and Microsoft.First on the patch priority list this month are patches for vulnerabilities in Microsoft Exchange (CVE-2021-27065, CVE-2021-26855), SaltStack (CVE-2021-25282, CVE-2021-25281), BIG-IP (CVE-2021-22986) and VMware...

Tripwire's February 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Apache, VMware and Microsoft.First on the patch priority list this month is a patch for Apache Tomcat. The Apache Tomcat "Ghostcat" vulnerability, identified as CVE-2020-1938, has been recently added to the Metasploit Exploit Framework.Next on the list...

Security researchers at Google have claimed that a quarter of all zero-day software exploits could have been avoided if more effort had been made by vendors when creating patches for vulnerabilities in their software. In a blog post, Maddie Stone of Google's Project Zero team says that 25% of the zero-day exploits detected in 2020 are closely...

Tripwire's January 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Dnsmasq and Oracle.First on the patch priority list this month are patches for Dnsmasq related to the seven so-called "DNSpooq" vulnerabilities. Dnsmasq is an open-source DNS forwarding application, and systems using this software should patch...

Tripwire's December 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Pulse Secure, and Oracle. First on the patch priority list this month are two vulnerabilities that have recently been included within the Metasploit exploit framework. One is a vulnerability in Pulse Secure Desktop Client and the other is a...

Over the last few years, the idea of patching systems to correct flaws has graduated from an annoying business disruption to a top priority. With all of the notorious vulnerabilities that can wreak total havoc, the time it takes to patch becomes a minor inconvenience when weighed against both the technical challenges and possible regulatory...