- Skip the iPad: This tablet is redefining what a kids tablet can do, and it's 42% off for Black Friday
- Why the iPad Mini 7 is the ultraportable tablet to beat this holiday travel season - and it's $50 off
- The best iPads for college: Expert tested and reviewed
- One of the best mid-range sports watches I've tested is on sale for Black Friday
- This monster 240W charger has features I've never seen on other accessories (and get $60 off this Black Friday)
Tripwire Patch Priority Index for October 2021 | The State of Security
Tripwire’s October 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Squid, Microsoft, and Adobe.
First on the patch priority list this month are patches for Squid (CVE-2021-31807, CVE-2021-31806). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible.
Next are patches for Microsoft Office Word and Excel. These patches resolve 7 issues, including remote code execution and information disclosure vulnerabilities.
Up next are 4 patches for Adobe Reader and Acrobat that resolve arbitrary code execution and privilege escalation vulnerabilities.
Next are patches that affect components of the Windows operating systems. These patches resolve over 35 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, print spooler, kernel, Fast FAT file system, bind filter, storage spaces, Windows Media, graphics, rich text edit, NAT, win32k, exFAT file system, text shaping, and others.
Lastly, administrators should focus on server-side patches for Microsoft SharePoint, Windows DNS, Active Directory, Hyper-V, Dynamics, and Exchange. These patches resolve numerous issues including spoofing, elevation of privilege, remote code execution, cross-site scripting, and denial of service vulnerabilities.
BULLETIN | CVE |
Exploit Framework – Metasploit | CVE-2021-31807, CVE-2021-31806 |
Microsoft Office Word | CVE-2021-40486 |
Microsoft Office Excel | CVE-2021-40472, CVE-2021-40479, CVE-2021-40474, CVE-2021-40473, CVE-2021-40471, CVE-2021-40485 |
APSB21-104: Adobe Reader and Acrobat | CVE-2021-40728, CVE-2021-40729, CVE-2021-40730, CVE-2021-40731 |
Microsoft Windows | CVE-2021-38662, CVE-2021-41343, CVE-2021-40468, CVE-2021-40455, CVE-2021-40443, CVE-2021-40467, CVE-2021-40466, CVE-2021-40489, CVE-2021-40488, CVE-2021-41345, CVE-2021-40478, CVE-2021-26441, CVE-2021-40470, CVE-2021-41347, CVE-2021-41330, CVE-2021-41331, CVE-2021-40462, CVE-2021-40475, CVE-2021-41340, CVE-2021-40477, CVE-2021-41335, CVE-2021-41339, CVE-2021-40454, CVE-2021-40460, CVE-2021-40476, CVE-2021-41338, CVE-2021-41346, CVE-2021-41334, CVE-2021-40463, CVE-2021-41342, CVE-2021-26442, CVE-2021-40449, CVE-2021-41357, CVE-2021-40450, CVE-2021-36953, CVE-2021-40464, CVE-2021-41332, CVE-2021-36970, CVE-2021-38663, CVE-2021-40465 |
Active Directory Federation Services | CVE-2021-41361, CVE-2021-41337 |
Role: Windows Hyper-V | CVE-2021-40461 |
Role: Windows AD FS Server | CVE-2021-40456 |
Microsoft Dynamics | CVE-2021-41354, CVE-2021-41353 |
Role: DNS Server | CVE-2021-40469 |
Microsoft Exchange Server | CVE-2021-34453, CVE-2021-41348, CVE-2021-26427, CVE-2021-41350 |
Microsoft Office SharePoint | CVE-2021-40482, CVE-2021-40487, CVE-2021-40483, CVE-2021-40484 |