- Google just gave Gmail a major AI upgrade, and it solves a big problem for me
- Your Google Gemini assistant is getting 8 useful features - here's the update log
- I recommend this budget OnePlus phone over most low-cost devices - especially at $70 off
- Save $750 on the HP Envy Laptop 17 when you buy directly from HP
- The Lenovo desktop PC I'd actually use at the office - even if it's for gamers
Tripwire Patch Priority Index for January 2021 | The State of Security
Tripwire’s January 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Dnsmasq and Oracle.
First on the patch priority list this month are patches for Dnsmasq related to the seven so-called “DNSpooq” vulnerabilities. Dnsmasq is an open-source DNS forwarding application, and systems using this software should patch as soon as possible.
Up next on the patch priority list this month are patches for Microsoft Edge, Excel, Office and Word. These patches resolve over 35 vulnerabilities that exist due to issues such as memory corruption, information disclosure, security feature bypass and remote code execution vulnerabilities.
Next are patches that affect components of the Windows operating systems. These patches resolve over 60 vulnerabilities including elevation of privilege, information disclosure, remote code execution and memory corruption vulnerabilities. These vulnerabilities affect core Windows, GDI+, AppX, Diagnostics hub, RPC, TPM Device Driver, CSC Service, NTLM, Hyper-V, Active Template Library, WalletService, Media Foundation, CryptoAPI and others.
Next, administrators should focus on server-side patches for Microsoft, which resolve issues in Microsoft SharePoint and SQL Server. These resolve several issues including remote code execution, elevation of privilege, tampering and spoofing vulnerabilities.
Finally, this month are patches for Oracle Java and Oracle Database. Oracle released patches for one Java SE vulnerability and six database vulnerabilities.
| BULLETIN | CVE |
| DNSpooq – Dnsmasq | CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25681, CVE-2020-25683, CVE-2020-25687, CVE-2020-25682 |
| Microsoft Edge (HTML-based) | CVE-2021-1705 |
| Microsoft Edge (Chromium-based) | CVE-2021-21112, CVE-2021-21113, CVE-2021-21110, CVE-2021-21111, CVE-2021-21116, CVE-2021-21107, CVE-2021-21114, CVE-2021-21106, CVE-2021-21109, CVE-2021-21108, CVE-2021-21115, CVE-2020-16043, CVE-2020-15995, CVE-2021-21139, CVE-2021-21134, CVE-2021-21135, CVE-2021-21136, CVE-2021-21137, CVE-2021-21130, CVE-2021-21131, CVE-2021-21132, CVE-2021-21133, CVE-2021-21118, CVE-2021-21119, CVE-2020-16044, CVE-2021-21129, CVE-2021-21128, CVE-2021-21123, CVE-2021-21122, CVE-2021-21121, CVE-2021-21120, CVE-2021-21127, CVE-2021-21126, CVE-2021-21125, CVE-2021-21124, CVE-2021-21141, CVE-2021-21140 |
| Microsoft Office | CVE-2021-1713, CVE-2021-1714, CVE-2021-1711, CVE-2021-1715, CVE-2021-1716 |
| Microsoft Windows | CVE-2021-1685, CVE-2021-1642, CVE-2021-1651, CVE-2021-1680, CVE-2021-1702, CVE-2021-1703, CVE-2021-1645, CVE-2021-1656, CVE-2021-1694, CVE-2021-1695, CVE-2021-1637, CVE-2021-1648, CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693, CVE-2021-1678, CVE-2021-1658, CVE-2021-1700, CVE-2021-1701, CVE-2021-1667, CVE-2021-1673, CVE-2021-1666, CVE-2021-1664, CVE-2021-1660, CVE-2021-1671, CVE-2021-1692, CVE-2021-1691, CVE-2021-1704, CVE-2021-1687, CVE-2021-1686, CVE-2021-1681, CVE-2021-1690, CVE-2021-1649, CVE-2021-1699, CVE-2021-1657, CVE-2021-1706, CVE-2021-1689, CVE-2021-1676, CVE-2021-1650, CVE-2021-1646, CVE-2021-1710, CVE-2021-1697, CVE-2021-1661, CVE-2021-1663, CVE-2021-1670, CVE-2021-1672, CVE-2021-1668, CVE-2021-1679, CVE-2021-1665, CVE-2021-1708, CVE-2021-1696, CVE-2021-1709, CVE-2021-1662, CVE-2021-1682, CVE-2021-1638, CVE-2021-1683, CVE-2021-1684 |
| Microsoft Office SharePoint | CVE-2021-1712, CVE-2021-1719, CVE-2021-1707, CVE-2021-1718, CVE-2021-1641, CVE-2021-1717 |
| SQL Server | CVE-2021-1636 |
| Oracle Java | CVE-2020-14803 |
| Oracle Database | CVE-2021-1993, CVE-2021-2000, CVE-2021-2054, CVE-2021-2045, CVE-2021-2035, CVE-2021-2018 |
