- Build a strong data foundation for AI-driven business growth
- New AI-Driven Semantic Search and Summarization
- The best Black Friday soundbar and speaker deals: Save on Bose, Sonos, Beats, and more
- This is the only indoor security camera you'll ever need - and it's only $50 now
- This Samsung phone is the model I recommend to most people (and it's $175 off right now)
Tripwire Patch Priority Index for February 2024
Tripwire’s February 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, ConnectWise, and Google.
First on the patch priority list are patches for ConnectWise ScreenConnect, Microsoft Exchange Server, Microsoft Windows SmartScreen, and Microsoft Windows Internet Shortcut files. These CVEs (CVE-2024-1709, CVE-2024-21410, CVE-2024-21351, CVE-2024-21412) have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. For ConnectWise ScreenConnect, note that exploits are available in the Metasploit Framework.
Up next are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use-after-free and heap buffer overflow vulnerabilities.
Next on the patch priority list this month are patches for Microsoft Word, Outlook, Office, and OneNote that resolve remove code execution and elevation of privilege vulnerabilities.
Next are patches that affect components of the core Windows operating system. These patches resolve over 35 vulnerabilities, including elevation of privilege, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, Kernel, Microsoft Message Queuing, LDAP, OLE, ActiveX Data Objects, and others.
Next up are patches for .NET that resolve 2 denial of service vulnerabilities.
Lastly, administrators should focus on server-side patches for DNS Server, Azure DevOps, Hyper-V, SQL Server, and Dynamics. These patches several issues including remote code execution, spoofing, information disclosure, cross-site scripting, and denial of service vulnerabilities.
|
BULLETIN |
CVE |
|
CVE-2024-1709, CVE-2024-21410, CVE-2024-21351, CVE-2024-21412 |
|
|
CVE-2024-1059, CVE-2024-1060, CVE-2024-1077, CVE-2024-1283, CVE-2024-1284, CVE-2024-21399 |
|
|
CVE-2024-21379 |
|
|
CVE-2024-21402, CVE-2024-21378 |
|
|
CVE-2024-20673, CVE-2024-21413 |
|
|
CVE-2024-21384 |
|
|
CVE-2024-21406, CVE-2024-21353, CVE-2024-21356, CVE-2024-21371, CVE-2024-21338, CVE-2024-21345, CVE-2024-21340, CVE-2024-21341, CVE-2024-21362, CVE-2024-21339, CVE-2024-21304, CVE-2024-21346, CVE-2024-21348, CVE-2024-21343, CVE-2024-21344, CVE-2024-21357, CVE-2024-21359, CVE-2024-21358, CVE-2024-21370, CVE-2024-21375, CVE-2024-21365, CVE-2024-21350, CVE-2024-21352, CVE-2024-21367, CVE-2024-21391, CVE-2024-21366, CVE-2024-21360, CVE-2024-21361, CVE-2024-21369, CVE-2024-21368, CVE-2024-21420, CVE-2024-21372, CVE-2024-21355, CVE-2024-21354, CVE-2024-21405, CVE-2024-21363, CVE-2024-21315, CVE-2024-21349 |
|
|
CVE-2024-21386, CVE-2024-21404 |
|
|
CVE-2023-50387, CVE-2024-21342, CVE-2024-21377 |
|
|
CVE-2024-20667 |
|
|
CVE-2024-20684 |
|
|
CVE-2024-21347 |
|
|
CVE-2024-21394, CVE-2024-21396, CVE-2024-21328, CVE-2024-21395, CVE-2024-21393, CVE-2024-21389, CVE-2024-21327, CVE-2024-21380 |
