Tripwire Patch Priority Index for November 2023

Tripwire’s November 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.

First on the patch priority are patches for Microsoft Edge (Chromium-based) that resolve elevation of privilege, remote code execution, and spoofing vulnerabilities.

Next on the patch priority list this month are patches for Microsoft Office and Excel that resolve 3 remote code execution and security feature bypass vulnerabilities.

Next are patches that affect components of the core Windows operating system. These patches resolve over 25 vulnerabilities, including elevation of privilege, information disclosure, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, Kernel, Installer, Bluetooth, Speech Application Programming Interface, NTFS, Authentication, Distributed File System, and others.

Up next are patches for .NET, ASP.NET, Visual Studio and Visual Studio Code that resolve 6 vulnerabilities including security feature bypass, denial of service, elevation of privilege, and spoofing vulnerabilities.

Lastly, administrators should focus on server-side patches for Azure DevOps Server, Dynamics, DHCP Server, SharePoint, Hyper-V, and Exchange. These patches resolve numerous issues including remote code execution, spoofing, cross site scripting, elevation of privilege, and information disclosure vulnerabilities.

BULLETIN	CVE
Microsoft Edge (Chromium-based)	CVE-2023-36024, CVE-2023-36027, CVE-2023-36034, CVE-2023-36014, CVE-2023-36022, CVE-2023-36029
Microsoft Office	CVE-2023-36045, CVE-2023-36413
Microsoft Office Excel	CVE-2023-36041, CVE-2023-36037
Windows	CVE-2023-36705, CVE-2023-36395, CVE-2023-36400, CVE-2023-36393, CVE-2023-36396, CVE-2023-36425, CVE-2023-36028, CVE-2023-36401, CVE-2023-36423, CVE-2023-36036, CVE-2023-36405, CVE-2023-36403, CVE-2023-36404, CVE-2023-24023, CVE-2023-36394, CVE-2023-36033, CVE-2023-36422, CVE-2023-36397, CVE-2023-36025, CVE-2023-36017, CVE-2023-36402, CVE-2023-36719, CVE-2023-36428, CVE-2023-36046, CVE-2023-36047, CVE-2023-36399, CVE-2023-36424, CVE-2023-36398
ASP.NET and .NET Framework	CVE-2023-36558, CVE-2023-36038, CVE-2023-36560, CVE-2023-36049
Visual Studio Code and Visual Studio	CVE-2023-36018, CVE-2023-36042
Microsoft Exchange Server	CVE-2023-36439, CVE-2023-36035, CVE-2023-36039, CVE-2023-36050
Windows DHCP Server	CVE-2023-36392
Azure DevOps	CVE-2023-36437
Microsoft Dynamics	CVE-2023-36031, CVE-2023-36410, CVE-2023-36016, CVE-2023-36007
Windows Hyper-V	CVE-2023-36408, CVE-2023-36407, CVE-2023-36427, CVE-2023-36406
Microsoft Office SharePoint	CVE-2023-38177

Source link

Tripwire Patch Priority Index for November 2023

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)

Related Post

VMWARE

Configuration Templates