Tripwire Patch Priority Index for February 2024
Tripwire’s February 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, ConnectWise, and Google.
First on the patch priority list are patches for ConnectWise ScreenConnect, Microsoft Exchange Server, Microsoft Windows SmartScreen, and Microsoft Windows Internet Shortcut files. These CVEs (CVE-2024-1709, CVE-2024-21410, CVE-2024-21351, CVE-2024-21412) have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. For ConnectWise ScreenConnect, note that exploits are available in the Metasploit Framework.
Up next are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use-after-free and heap buffer overflow vulnerabilities.
Next on the patch priority list this month are patches for Microsoft Word, Outlook, Office, and OneNote that resolve remote code execution and elevation of privilege vulnerabilities.
Next are patches that affect components of the core Windows operating system. These patches resolve over 35 vulnerabilities, including elevation of privilege, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, Kernel, Microsoft Message Queuing, LDAP, OLE, ActiveX Data Objects, and others.
Next up are patches for .NET that resolve 2 denial of service vulnerabilities.
Lastly, administrators should focus on server-side patches for DNS Server, Azure DevOps, Hyper-V, SQL Server, and Dynamics. These patches resolve several issues including remote code execution, spoofing, information disclosure, cross-site scripting, and denial of service vulnerabilities.
| BULLETIN | CVE |
|---|---|
| | CVE-2024-1709, CVE-2024-21410, CVE-2024-21351, CVE-2024-21412 |
| | CVE-2024-1059, CVE-2024-1060, CVE-2024-1077, CVE-2024-1283, CVE-2024-1284, CVE-2024-21399 |
| | CVE-2024-21379 |
| | CVE-2024-21402, CVE-2024-21378 |
| | CVE-2024-20673, CVE-2024-21413 |
| | CVE-2024-21384 |
| | CVE-2024-21406, CVE-2024-21353, CVE-2024-21356, CVE-2024-21371, CVE-2024-21338, CVE-2024-21345, CVE-2024-21340, CVE-2024-21341, CVE-2024-21362, CVE-2024-21339, CVE-2024-21304, CVE-2024-21346, CVE-2024-21348, CVE-2024-21343, CVE-2024-21344, CVE-2024-21357, CVE-2024-21359, CVE-2024-21358, CVE-2024-21370, CVE-2024-21375, CVE-2024-21365, CVE-2024-21350, CVE-2024-21352, CVE-2024-21367, CVE-2024-21391, CVE-2024-21366, CVE-2024-21360, CVE-2024-21361, CVE-2024-21369, CVE-2024-21368, CVE-2024-21420, CVE-2024-21372, CVE-2024-21355, CVE-2024-21354, CVE-2024-21405, CVE-2024-21363, CVE-2024-21315, CVE-2024-21349 |
| | CVE-2024-21386, CVE-2024-21404 |
| | CVE-2023-50387, CVE-2024-21342, CVE-2024-21377 |
| | CVE-2024-20667 |
| | CVE-2024-20684 |
| | CVE-2024-21347 |
| | CVE-2024-21394, CVE-2024-21396, CVE-2024-21328, CVE-2024-21395, CVE-2024-21393, CVE-2024-21389, CVE-2024-21327, CVE-2024-21380 |
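The following is an added example, not part of the Tripwire article: it turns the row order of the CVE table above into a rank and uses it to order a vulnerability scanner's findings, so hosts carrying the KEV-listed CVEs are patched first. The host names, the findings list, the placeholder ID and the function names are constructed for illustration; only the first four table rows are embedded.

```python
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# CVE cells of the first four rows of the table above, one row per line, in page order.
# Row 1 is the group the article says is in CISA's KEV catalog.
PPI_TABLE = """\
CVE-2024-1709, CVE-2024-21410, CVE-2024-21351, CVE-2024-21412
CVE-2024-1059, CVE-2024-1060, CVE-2024-1077, CVE-2024-1283, CVE-2024-1284, CVE-2024-21399
CVE-2024-21379
CVE-2024-21402, CVE-2024-21378
"""

# Constructed scanner findings (host names are made up; the last ID is a placeholder).
FINDINGS = [
    ("web01", "CVE-2024-21379"),
    ("rmm01", "cve-2024-1709"),
    ("ws17", "CVE-2024-1283"),
    ("mail01", "CVE-2024-21410"),
    ("ws17", "CVE-2024-21378"),
    ("ws17", "CVE-0000-00000"),
]

def ppi_ranks(table_text):
    """Map each CVE ID to the 1-based position of its row in the PPI table."""
    ranks, row = {}, 0
    for line in table_text.splitlines():
        ids = CVE_RE.findall(line)
        if ids:  # lines without a CVE ID (headers, empty cells) are skipped
            row += 1
            for cve in ids:
                ranks.setdefault(cve, row)
    return ranks

def patch_queue(findings, ranks):
    """Deduplicate (host, cve) findings and sort by PPI row; unlisted CVEs go last."""
    last = max(ranks.values(), default=0) + 1
    unique = {(host, cve.strip().upper()) for host, cve in findings}
    return sorted(unique, key=lambda f: (ranks.get(f[1], last), f[0], f[1]))

def host_order(findings, ranks):
    """Hosts ordered by their highest-priority finding."""
    return list(dict.fromkeys(host for host, _ in patch_queue(findings, ranks)))

if __name__ == "__main__":
    ranks = ppi_ranks(PPI_TABLE)
    for host, cve in patch_queue(FINDINGS, ranks):
        print(ranks.get(cve, "unlisted"), host, cve)
```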