Tripwire Patch Priority Index for January 2024

Tripwire’s January 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Apple, Google, and Atlassian.

First on the patch priority list are patches for Apple, Google Chromium V8, and Atlassian Confluence Data Center and Server. These CVEs have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. For Apple, note that CVE-2024-02322 impacts Apple iOS, iPadOS, macOS, tvOS, and watchOS.

Up next are patches for Microsoft Edge (Chromium-based) that resolve use-after-free and buffer overflow vulnerabilities.

Next on the patch priority list this month are patches for Microsoft Office that resolve a remote code execution vulnerability.

Next are patches that affect components of the core Windows operating system. These patches resolve over 35 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, Kernel, Bluetooth Driver, Common Log File System, Cryptographic Services, Remote Desktop Client, Microsoft Message Queuing, Virtual Hard Disk, BitLocker, Libarchive, Windows Subsystem for Linux, and others.

Next up are patches for .NET and Visual Studio that resolve denial of service, security feature bypass, and elevation of privilege vulnerabilities.

Lastly, administrators should focus on server-side patches for SharePoint, SQL Server, and Hyper-V. These patches have several issues, including remote code execution, security feature bypass, and denial of service vulnerabilities.