Tripwire Patch Priority Index for May 2024


Tripwire’s June 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe.

First on the list this month is a patch for Microsoft Windows Error Reporting (CVE-2024-26169). This CVE is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

Next on the list are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use after free, heap buffer overflow, and spoofing vulnerabilities.

Next on the patch priority list this month is a patch for Microsoft Excel that resolves a remote code execution vulnerability.

Up next are patches for Adobe Reader and Acrobat that resolve arbitrary code execution and memory leak vulnerabilities.

Next are patches that affect components of the core Windows operating system. These patches resolve over 45 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, Kernel, CLFS, Mobile Broadband, Mark of the Web, DWM Core, MSHTML, RRAS, Bing, NTFS, Cryptographic Services, and others.

Next up are patches for .NET and Visual Studio Code that resolve remote code execution and denial of service vulnerabilities.

Lastly, administrators should focus on server-side patches for SharePoint, Hyper-V, and DHCP. These patches resolve numerous issues, including remote code execution, information disclosure, and denial of service vulnerabilities.

BULLETIN CVE
Microsoft Error Reporting – KEV CVE-2024-26169
Microsoft Edge (Chromium-based) CVE-2024-4331, CVE-2024-4368, CVE-2024-4558, CVE-2024-4559, CVE-2024-4671, CVE-2024-30055
Microsoft Office Excel CVE-2024-30042
APSB24-29: Adobe Reader and Acrobat CVE-2024-30284, CVE-2024-30310, CVE-2024-34094, CVE-2024-34095, CVE-2024-34096, CVE-2024-34097, CVE-2024-34098, CVE-2024-34099, CVE-2024-34100, CVE-2024-30311, CVE-2024-30312, CVE-2024-34101
Microsoft Windows CVE-2024-30007, CVE-2024-30016, CVE-2024-30020, CVE-2024-29996, CVE-2024-30025, CVE-2024-30037, CVE-2024-29999, CVE-2024-29998, CVE-2024-30012, CVE-2024-29997, CVE-2024-30001, CVE-2024-30005, CVE-2024-30004, CVE-2024-30003, CVE-2024-30002, CVE-2024-30000, CVE-2024-30021, CVE-2024-30050, CVE-2024-30034, CVE-2024-30030, CVE-2024-30018, CVE-2024-30051, CVE-2024-30035, CVE-2024-30032, CVE-2024-30008, CVE-2024-30033, CVE-2024-30039, CVE-2024-29994, CVE-2024-30038, CVE-2024-30028, CVE-2024-30049, CVE-2024-30040, CVE-2024-30054, CVE-2024-30006, CVE-2024-30031, CVE-2024-30014, CVE-2024-30015, CVE-2024-30023, CVE-2024-30022, CVE-2024-30029, CVE-2024-30024, CVE-2024-30009, CVE-2024-30041, CVE-2024-30036, CVE-2024-26238, CVE-2024-30027
.NET and Visual Studio CVE-2024-30045, CVE-2024-32002, CVE-2024-32004, CVE-2024-30046
Windows DHCP Server CVE-2024-30019
Microsoft Office SharePoint CVE-2024-30043, CVE-2024-30044
Windows Hyper-V CVE-2024-30011, CVE-2024-30010, CVE-2024-30017



Source link