- The CTO vs. CMO AI power struggle - who should really be in charge?
- I found an Android phone that can convince iPhone users to make the switch - and it's not a flagship
- Finally, Bluetooth trackers for Android users that function better than AirTags (and they're on sale)
- The 8TB T5 Evo SSD is back in stock and over $150 off at Samsung
- The 40+ best early Amazon Spring Sale TV deals 2025: Save over $2,000
Tripwire Patch Priority Index for October 2024
Tripwire’s October 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.
First on the list are patches for Microsoft Edge, Office, Excel, and Visio that resolve remote code execution, elevation of privilege, and spoofing vulnerabilities.
Next are patches that affect components of the core Windows operating system. These patches resolve over 80 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, Kernel, Win32k, Graphics Component, MSHTML, Mobile Broadband Driver, Resilient Filesystem, Cryptographic, Remote Desktop Client, NAT, LSA, Shell, Secure Kernel Mode, and others.
Up next are patches for Visual Studio, Visual Studio Code, .NET, and .NET Framework. These patches resolve remote code execution and denial of service vulnerabilities.
Lastly, administrators should focus on server-side patches for Windows Remote Desktop Licensing Service, Remote Desktop Services, OpenSSH for Windows, Kerberos, Hyper-V, Power BI, and SharePoint. These patches resolve information disclosure, denial of service, remote code execution, tampering, security feature bypass, and elevation of privilege vulnerabilities.
Up next are patches for Visual Studio, Visual Studio Code, .NET, and .NET Framework. These patches resolve remote code execution and denial of service vulnerabilities.
Lastly, administrators should focus on server-side patches for Windows Remote Desktop Licensing Service, Remote Desktop Services, OpenSSH for Windows, Kerberos, Power BI, and SharePoint. These patches resolve information disclosure, denial of service, remote code execution, tampering, security feature bypass, and elevation of privilege vulnerabilities.
| BULLETIN | CVE |
|---|---|
| Microsoft Edge (Chromium-based) | CVE-2024-7025, CVE-2024-9369, CVE-2024-9370 |
| Microsoft Office | CVE-2024-43616, CVE-2024-43576, CVE-2024-43609 |
| Microsoft Office Excel | CVE-2024-43504 |
| Microsoft Office Visio | CVE-2024-43505 |
| Windows Core I | CVE-2024-43513, CVE-2024-43537, CVE-2024-43538, CVE-2024-43561, CVE-2024-43558, CVE-2024-43559, CVE-2024-43540, CVE-2024-43542, CVE-2024-43557, CVE-2024-43555, CVE-2024-43526, CVE-2024-43524, CVE-2024-43525, CVE-2024-43523, CVE-2024-43536, CVE-2024-43543, CVE-2024-37976, CVE-2024-37983, CVE-2024-37982, CVE-2024-43500, CVE-2024-43546, CVE-2024-43533, CVE-2024-43599, CVE-2024-43501, CVE-2024-43585, CVE-2024-43572, CVE-2024-43560, CVE-2024-43551, CVE-2024-43583, CVE-2024-43550, CVE-2024-43509, CVE-2024-43556, CVE-2024-43534, CVE-2024-43508, CVE-2024-43573, CVE-2024-43520 |
| Windows Core II | CVE-2024-43527, CVE-2024-37979, CVE-2024-43502, CVE-2024-43511, CVE-2024-43570, CVE-2024-38149, CVE-2024-43506, CVE-2024-43512, CVE-2024-43528, CVE-2024-43516, CVE-2024-43552, CVE-2024-43582, CVE-2024-43468, CVE-2024-43562, CVE-2024-43565, CVE-2024-43522, CVE-2024-43584, CVE-2024-43563, CVE-2024-38124, CVE-2024-43519, CVE-2024-43532, CVE-2024-43518, CVE-2024-43574, CVE-2024-43515, CVE-2024-43589, CVE-2024-38261, CVE-2024-38265, CVE-2024-43593, CVE-2024-43564, CVE-2024-43592, CVE-2024-38212, CVE-2024-43453, CVE-2024-43611, CVE-2024-43608, CVE-2024-43607, CVE-2024-43549, CVE-2024-43529, CVE-2024-43544, CVE-2024-43541, CVE-2024-43553, CVE-2024-43614, CVE-2024-43517, CVE-2024-43535, CVE-2024-43554, CVE-2024-43545, CVE-2024-43514 |
| Visual Studio Code | CVE-2024-43488, CVE-2024-43601 |
| .NET, .NET Framework, Visual Studio | CVE-2024-43483, CVE-2024-43484, CVE-2024-43485, CVE-2024-38229, CVE-2024-43603 |
| Windows Remote Desktop Licensing Service | CVE-2024-38262 |
| Windows Remote Desktop Services | CVE-2024-43456 |
| OpenSSH for Windows | CVE-2024-38029, CVE-2024-43581, CVE-2024-43615 |
| Windows Hyper-V | CVE-2024-30092, CVE-2024-43521, CVE-2024-43567, CVE-2024-43575, CVE-2024-20659 |
| Windows Kerberos | CVE-2024-38129, CVE-2024-43547 |
| Power BI | CVE-2024-43612, CVE-2024-43481 |
| Microsoft Office SharePoint | CVE-2024-43503 |
