- The viral Air Purifier Table is my smart home's MVP (and it's on sale for $179)
- Grab the Galaxy S25 Edge for $170 off and get a free Amazon gift card - but act fast
- How I learned to stop worrying and love my health tracker
- I found a free iPhone 16 deal that doesn't require a trade-in (and applies to Pro models, too)
- This 77-piece Milwaukee wrench set is still $200 off at The Home Depot
Tripwire Patch Priority Index for February 2024
Tripwire’s February 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, ConnectWise, and Google.
First on the patch priority list are patches for ConnectWise ScreenConnect, Microsoft Exchange Server, Microsoft Windows SmartScreen, and Microsoft Windows Internet Shortcut files. These CVEs (CVE-2024-1709, CVE-2024-21410, CVE-2024-21351, CVE-2024-21412) have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. For ConnectWise ScreenConnect, note that exploits are available in the Metasploit Framework.
Up next are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use-after-free and heap buffer overflow vulnerabilities.
Next on the patch priority list this month are patches for Microsoft Word, Outlook, Office, and OneNote that resolve remove code execution and elevation of privilege vulnerabilities.
Next are patches that affect components of the core Windows operating system. These patches resolve over 35 vulnerabilities, including elevation of privilege, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, Kernel, Microsoft Message Queuing, LDAP, OLE, ActiveX Data Objects, and others.
Next up are patches for .NET that resolve 2 denial of service vulnerabilities.
Lastly, administrators should focus on server-side patches for DNS Server, Azure DevOps, Hyper-V, SQL Server, and Dynamics. These patches several issues including remote code execution, spoofing, information disclosure, cross-site scripting, and denial of service vulnerabilities.
|
BULLETIN |
CVE |
|
CVE-2024-1709, CVE-2024-21410, CVE-2024-21351, CVE-2024-21412 |
|
|
CVE-2024-1059, CVE-2024-1060, CVE-2024-1077, CVE-2024-1283, CVE-2024-1284, CVE-2024-21399 |
|
|
CVE-2024-21379 |
|
|
CVE-2024-21402, CVE-2024-21378 |
|
|
CVE-2024-20673, CVE-2024-21413 |
|
|
CVE-2024-21384 |
|
|
CVE-2024-21406, CVE-2024-21353, CVE-2024-21356, CVE-2024-21371, CVE-2024-21338, CVE-2024-21345, CVE-2024-21340, CVE-2024-21341, CVE-2024-21362, CVE-2024-21339, CVE-2024-21304, CVE-2024-21346, CVE-2024-21348, CVE-2024-21343, CVE-2024-21344, CVE-2024-21357, CVE-2024-21359, CVE-2024-21358, CVE-2024-21370, CVE-2024-21375, CVE-2024-21365, CVE-2024-21350, CVE-2024-21352, CVE-2024-21367, CVE-2024-21391, CVE-2024-21366, CVE-2024-21360, CVE-2024-21361, CVE-2024-21369, CVE-2024-21368, CVE-2024-21420, CVE-2024-21372, CVE-2024-21355, CVE-2024-21354, CVE-2024-21405, CVE-2024-21363, CVE-2024-21315, CVE-2024-21349 |
|
|
CVE-2024-21386, CVE-2024-21404 |
|
|
CVE-2023-50387, CVE-2024-21342, CVE-2024-21377 |
|
|
CVE-2024-20667 |
|
|
CVE-2024-20684 |
|
|
CVE-2024-21347 |
|
|
CVE-2024-21394, CVE-2024-21396, CVE-2024-21328, CVE-2024-21395, CVE-2024-21393, CVE-2024-21389, CVE-2024-21327, CVE-2024-21380 |
