- Southeast Asia reiterates pledge to collaborate amid growing cyber threats in AI era
- Amazon launches new Fire TV Stick to replace two current options
- Bluesky signups soar after X makes controversial privacy change
- Changing these 6 TV settings can drastically speed up its performance
- Top Best Buy deals ahead of Black Friday
Tripwire Patch Priority Index for February 2024
Tripwire’s February 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, ConnectWise, and Google.
First on the patch priority list are patches for ConnectWise ScreenConnect, Microsoft Exchange Server, Microsoft Windows SmartScreen, and Microsoft Windows Internet Shortcut files. These CVEs (CVE-2024-1709, CVE-2024-21410, CVE-2024-21351, CVE-2024-21412) have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. For ConnectWise ScreenConnect, note that exploits are available in the Metasploit Framework.
Up next are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use-after-free and heap buffer overflow vulnerabilities.
Next on the patch priority list this month are patches for Microsoft Word, Outlook, Office, and OneNote that resolve remove code execution and elevation of privilege vulnerabilities.
Next are patches that affect components of the core Windows operating system. These patches resolve over 35 vulnerabilities, including elevation of privilege, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, Kernel, Microsoft Message Queuing, LDAP, OLE, ActiveX Data Objects, and others.
Next up are patches for .NET that resolve 2 denial of service vulnerabilities.
Lastly, administrators should focus on server-side patches for DNS Server, Azure DevOps, Hyper-V, SQL Server, and Dynamics. These patches several issues including remote code execution, spoofing, information disclosure, cross-site scripting, and denial of service vulnerabilities.
|
BULLETIN |
CVE |
|
CVE-2024-1709, CVE-2024-21410, CVE-2024-21351, CVE-2024-21412 |
|
|
CVE-2024-1059, CVE-2024-1060, CVE-2024-1077, CVE-2024-1283, CVE-2024-1284, CVE-2024-21399 |
|
|
CVE-2024-21379 |
|
|
CVE-2024-21402, CVE-2024-21378 |
|
|
CVE-2024-20673, CVE-2024-21413 |
|
|
CVE-2024-21384 |
|
|
CVE-2024-21406, CVE-2024-21353, CVE-2024-21356, CVE-2024-21371, CVE-2024-21338, CVE-2024-21345, CVE-2024-21340, CVE-2024-21341, CVE-2024-21362, CVE-2024-21339, CVE-2024-21304, CVE-2024-21346, CVE-2024-21348, CVE-2024-21343, CVE-2024-21344, CVE-2024-21357, CVE-2024-21359, CVE-2024-21358, CVE-2024-21370, CVE-2024-21375, CVE-2024-21365, CVE-2024-21350, CVE-2024-21352, CVE-2024-21367, CVE-2024-21391, CVE-2024-21366, CVE-2024-21360, CVE-2024-21361, CVE-2024-21369, CVE-2024-21368, CVE-2024-21420, CVE-2024-21372, CVE-2024-21355, CVE-2024-21354, CVE-2024-21405, CVE-2024-21363, CVE-2024-21315, CVE-2024-21349 |
|
|
CVE-2024-21386, CVE-2024-21404 |
|
|
CVE-2023-50387, CVE-2024-21342, CVE-2024-21377 |
|
|
CVE-2024-20667 |
|
|
CVE-2024-20684 |
|
|
CVE-2024-21347 |
|
|
CVE-2024-21394, CVE-2024-21396, CVE-2024-21328, CVE-2024-21395, CVE-2024-21393, CVE-2024-21389, CVE-2024-21327, CVE-2024-21380 |
