Tripwire Patch Priority Index for November 2020 – VERT


Tripwire's November 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Oracle.

First on the patch priority list this month are three vulnerabilities in Oracle WebLogic Server that have recently been included within the Metasploit exploit framework. Supported versions of Oracle WebLogic Server that are affected include 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.

Up next on the patch priority list this month are patches for Microsoft Scripting Engine, Browser, and Microsoft Edge (Chromium-Based). These patches resolve 12 vulnerabilities that exist due to issues such as use after free, inappropriate implementation, insufficient policy enforcement, integer overflow, and memory corruption vulnerabilities.

Next on the list are patches for Microsoft Excel, Office, and Word, which resolve 7 vulnerabilities including remote code execution and security feature bypass.

Up next are patches for Adobe Reader and Acrobat that resolve 14 issues including heap-based buffer overflow, improper access control, improper input validation, security feature bypass, signature verification and validation bypass, out-of-bounds read and write, use-after-free, and race condition vulnerabilities.

Up next this month are patches that affect components of the Windows operating systems. These patches resolve more than 50 vulnerabilities, including denial of service, elevation of privilege, information disclosure, remote code execution, and memory corruption vulnerabilities. These vulnerabilities affect core Windows, GDI, Codecs Library, Remote Desktop, Kerberos, Error Reporting, Hyper-V, Network File System, Print Spooler, Remote Access, Defender, NDIS, Common Log File System Driver, and others.

Finally, administrators should focus on server-side patches for Microsoft, which resolve issues in Microsoft Dynamics, Microsoft Exchange, and Microsoft SharePoint. These patches resolve several issues, including cross-site scripting, information disclosure, spoofing, denial of service, and remote code execution vulnerabilities.

| BULLETIN | CVE |
| --- | --- |
| Exploit Framework – Metasploit: Oracle WebLogic Server | CVE-2020-14883, CVE-2020-14882, CVE-2020-14750 |
| Microsoft Scripting Engine | CVE-2020-17048, CVE-2020-17054, CVE-2020-17053, CVE-2020-17052 |
| Microsoft Browsers | CVE-2020-17058 |
| Microsoft Edge (Chromium-Based) | CVE-2020-16011, CVE-2020-16009, CVE-2020-16008, CVE-2020-16007, CVE-2020-16006, CVE-2020-16005, CVE-2020-16004 |
| Microsoft Office | CVE-2020-17019, CVE-2020-17066, CVE-2020-17064, CVE-2020-17065, CVE-2020-17067, CVE-2020-17062, CVE-2020-17020 |
| Adobe Reader and Acrobat | CVE-2020-24435, CVE-2020-24433, CVE-2020-24432, CVE-2020-24439, CVE-2020-24429, CVE-2020-24427, CVE-2020-24431, CVE-2020-24436, CVE-2020-24426, CVE-2020-24434, CVE-2020-24428, CVE-2020-24430, CVE-2020-24437, CVE-2020-24438 |
| Microsoft Windows | CVE-2020-17049, CVE-2020-17000, CVE-2020-16997, CVE-2020-17010, CVE-2020-17013, CVE-2020-17012, CVE-2020-17024, CVE-2020-17046, CVE-2020-17007, CVE-2020-17036, CVE-2020-17040, CVE-2020-17045, CVE-2020-17030, CVE-2020-17047, CVE-2020-17056, CVE-2020-17051, CVE-2020-17011, CVE-2020-17041, CVE-2020-17001, CVE-2020-17014, CVE-2020-17042, CVE-2020-17027, CVE-2020-17044, CVE-2020-17043, CVE-2020-17055, CVE-2020-17031, CVE-2020-17028, CVE-2020-17026, CVE-2020-17025, CVE-2020-17034, CVE-2020-17033, CVE-2020-17032, CVE-2020-1599, CVE-2020-17057, CVE-2020-17090, CVE-2020-17113, CVE-2020-17071, CVE-2020-17075, CVE-2020-17070, CVE-2020-17073, CVE-2020-17074, CVE-2020-17076, CVE-2020-17077, CVE-2020-17035, CVE-2020-17087, CVE-2020-17037, CVE-2020-16999, CVE-2020-16998, CVE-2020-17038, CVE-2020-17029, CVE-2020-17068, CVE-2020-17004, CVE-2020-17069, CVE-2020-17088 |
| Microsoft Dynamics | CVE-2020-17005, CVE-2020-17006, CVE-2020-17018, CVE-2020-17021 |
| Microsoft Exchange Server | CVE-2020-17085, CVE-2020-17083, CVE-2020-17084 |
| Microsoft Office SharePoint | CVE-2020-17017, CVE-2020-16979, CVE-2020-17061, CVE-2020-17016, CVE-2020-17015, CVE-2020-17060 |


