- This laptop power bank has served me well for years, and this Black Friday deal slashes the price in half
- This power bank is thinner than your iPhone and this Black Friday deal slashes 27% off the price
- New Levels, New Devils: The Multifaceted Extortion Tactics Keeping Ransomware Alive
- Elden Ring, 2022's Game of the Year, hits a record low price of $20 on Amazon for Black Friday
- This is the best car diagnostic tool I've ever used, and it's only $54 in this Black Friday deal
Tripwire Patch Priority Index for February 2021 | The State of Security
Tripwire’s February 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Apache, VWware and Microsoft.
First on the patch priority list this month is a patch for Apache Tomcat. The Apache Tomcat “Ghostcat” vulnerability, identified as CVE-2020-1938, has been recently added to the Metasploit Exploit Framework.
Next on the list are patches for ESXi and vCenter. These patches resolve three issues including heap-overflow, SSRF, and remote code execution. Note that proof of concept exploit code is available for CVE-2021-21972.
Up next on the patch priority list this month are patches for Microsoft Excel. These patches resolve four remote code execution vulnerabilities.
Next are patches that affect components of the Windows operating systems. These patches resolve over 25 vulnerabilities including elevation of privilege, information disclosure, remote code execution, denial of service and memory corruption vulnerabilities. These vulnerabilities affect core Windows, Graphics, Hyper-V, Camera Codec, Event Tracing, PKU2U, TCP/IP, Fax Service, Console Driver and others.
Up next is a patch that resolves a denial-of-service vulnerability for the .NET Framework.
Lastly, administrators should focus on server-side patches for Microsoft, which resolve issues in Microsoft SharePoint, Dynamics, Exchange, SharePoint, DNS and Skype for Business and Lync. These patches resolve several issues including remote code execution, information disclosure, XSS, denial of service and spoofing vulnerabilities.
BULLETIN | CVE |
Exploit Framework – Metasploit | CVE-2020-1938 |
VWware VMSA-2021-0002 | CVE-2021-21974, CVE-2021-21972, CVE-2021-21973 |
Microsoft Office Excel | CVE-2021-24070, CVE-2021-24069, CVE-2021-24067, CVE-2021-24068 |
Microsoft Windows | CVE-2020-17162,CVE-2021-1727, CVE-2021-24106,CVE-2021-24075,CVE-2021-24082,CVE-2021-24093,CVE-2021-24081,CVE-2021-24091,CVE-2021-24102,CVE-2021-24103,CVE-2021-24096,CVE-2021-1732,CVE-2021-1698, CVE-2021-24076,CVE-2021-1734, CVE-2021-24083,CVE-2021-25195,CVE-2021-24079,CVE-2021-24086,CVE-2021-24074,CVE-2021-24094,CVE-2021-24080,CVE-2021-24088,CVE-2021-24084,CVE-2021-1731, CVE-2021-24077,CVE-2021-1722, CVE-2021-24098 |
.NET Framework | CVE-2021-24111 |
Microsoft Dynamics | CVE-2021-24101,CVE-2021-1724 |
Microsoft Exchange Server | CVE-2021-1730, CVE-2021-24085 |
Microsoft Office SharePoint | CVE-2021-24071,CVE-2021-24066,CVE-2021-24072,CVE-2021-1726 |
DNS Server | CVE-2021-24078 |
Skype for Business | CVE-2021-24099, CVE-2021-24073 |