Tripwire Patch Priority Index for July 2021 | The State of Security


Tripwire’s July 2021 Patch Priority Index (PPI) brings together important vulnerabilities from VMware, Adobe, Oracle, and Microsoft.

First on the patch priority list this month are patches for Microsoft Print Spooler (CVE-2021-34527, CVE-2021-1675) and vSphere Client (CVE-2021-21985). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible.

Up next are patches for Adobe Reader and Acrobat that resolve 19 issues including memory leak, arbitrary code execution, arbitrary file system write, arbitrary file system read, and denial-of-service vulnerabilities.

Next is a patch for Microsoft Scripting Engine, which resolves a memory corruption vulnerability.

Next on the patch priority list this month are patches for Microsoft Excel, Office, and Word. These patches resolve three remote code execution vulnerabilities along with a security feature bypass vulnerability.

Up next on the list are patches that resolve vulnerabilities that impact Oracle Java SE, versions 7u301, 8u291, 11.0.11, 16.0.1.

Next are patches that affect components of the Windows operating systems. These patches resolve over 60 vulnerabilities including elevation of privilege, information disclosure, remote code execution, security feature bypass, denial of service, and memory corruption vulnerabilities. These vulnerabilities affect core Windows, storage spaces controller, Windows Hello, remote assistance, kernel, GDI, GDI+, Media Foundation, Font Driver, LSA, MSHTML, AF_UNIX Socket Provider, SMB, Print Spooler, and others.

Up next are patches for Hyper-V that resolve a denial-of-service flaw and remote code execution vulnerabilities.

Lastly, administrators should focus on server-side patches for Microsoft. This is a large month for server-side patches affecting Microsoft SharePoint, Exchange, Office Online Server, Windows DNS, Active Directory, and Dynamics Business Central Control. These patches resolve several issues including remote code execution, information disclosure, and spoofing.

| BULLETIN | CVE |
| --- | --- |
| Exploit Framework – Metasploit | CVE-2021-34527, CVE-2021-21985, CVE-2021-1675, CVE-2019-5736 |
| APSB21-51: Adobe Reader and Acrobat | CVE-2021-35988, CVE-2021-35987, CVE-2021-35980, CVE-2021-28644, CVE-2021-28640, CVE-2021-28643, CVE-2021-28641, CVE-2021-28639, CVE-2021-28642, CVE-2021-28637, CVE-2021-35986, CVE-2021-28638, CVE-2021-35985, CVE-2021-35984, CVE-2021-28636, CVE-2021-28634, CVE-2021-35983, CVE-2021-35981, CVE-2021-28635 |
| Microsoft Scripting Engine | CVE-2021-34448 |
| Microsoft Office Excel | CVE-2021-34501, CVE-2021-34518 |
| Microsoft Office | CVE-2021-34469, CVE-2021-34452 |
| Oracle Java | CVE-2021-2388, CVE-2021-2369, CVE-2021-2432, CVE-2021-2341 |
| Microsoft Windows I | CVE-2021-34466, CVE-2021-33743, CVE-2021-34507, CVE-2021-34460, CVE-2021-33751, CVE-2021-34510, CVE-2021-34512, CVE-2021-34513, CVE-2021-34509, CVE-2021-34476, CVE-2021-33782, CVE-2021-33760, CVE-2021-34521, CVE-2021-33740, CVE-2021-33784, CVE-2021-34503, CVE-2021-34439, CVE-2021-34441, CVE-2021-34489, CVE-2021-34440, CVE-2021-34438, CVE-2021-34498, CVE-2021-34496, CVE-2021-33774, CVE-2021-33757, CVE-2021-34461, CVE-2021-33771, CVE-2021-31979, CVE-2021-34514, CVE-2021-34500, CVE-2021-34508, CVE-2021-34458, CVE-2021-34454, CVE-2021-34455, CVE-2021-34459 |
| Microsoft Windows II | CVE-2021-34493, CVE-2021-33759, CVE-2021-34462, CVE-2021-33788, CVE-2021-33786, CVE-2021-34497, CVE-2021-34447, CVE-2021-34504, CVE-2021-33744, CVE-2021-34449, CVE-2021-34516, CVE-2021-34491, CVE-2021-33772, CVE-2021-34490, CVE-2021-31183, CVE-2021-34527, CVE-2021-34446, CVE-2021-31961, CVE-2021-34511, CVE-2021-33765, CVE-2021-34492, CVE-2021-33773, CVE-2021-34445, CVE-2021-34456, CVE-2021-33761, CVE-2021-34457, CVE-2021-33763, CVE-2021-33785, CVE-2021-34488, CVE-2021-33783 |
| Role: Hyper-V | CVE-2021-33755, CVE-2021-33758, CVE-2021-34450 |
| Microsoft Exchange Server | CVE-2021-33766, CVE-2021-34470, CVE-2021-34523, CVE-2021-33768, CVE-2021-31206, CVE-2021-34473, CVE-2021-31196 |
| Microsoft Office SharePoint and Office Online Server | CVE-2021-34519, CVE-2021-34467, CVE-2021-34468, CVE-2021-34520, CVE-2021-34517, CVE-2021-34451 |
| Microsoft Windows DNS | CVE-2021-34499, CVE-2021-33746, CVE-2021-33754, CVE-2021-33745, CVE-2021-34442, CVE-2021-34444, CVE-2021-34494, CVE-2021-33780, CVE-2021-34525, CVE-2021-33749, CVE-2021-33752, CVE-2021-33750, CVE-2021-33756 |
| Windows Active Directory | CVE-2021-33781, CVE-2021-33764, CVE-2021-33779 |
| Dynamics Business Central Control | CVE-2021-34474 |


