Tripwire Patch Priority Index for September 2023

Tripwire’s September 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.

First on the patch priority are patches for Microsoft Edge (Chromium-based) that resolve 5 vulnerabilities such as out of bounds memory access, type confusion, and use after free.

Next on the patch priority list this month are patches for Microsoft Office, Excel, Word, and Outlook. The patches resolve 7 issues including remote code execution, information disclosure, security feature bypass, and spoofing vulnerabilities.

Next are patches that affect components of the core Windows operating system. These patches resolve over 30 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect core Windows, Kernel, Streaming Service, TCP/IP, GDI, MSHTML, and others.

Up next are patches for Visual Studio, .NET, and .NET Framework that resolve elevation of privilege, remote code execution, and denial of service vulnerabilities.

Lastly, administrators should focus on server-side patches for SharePoint, Azure DevOps Server, Dynamics, and Exchange. These patches resolve numerous issues including remote code execution, spoofing, elevation of privilege, and information disclosure vulnerabilities.

BULLETIN	CVE
Microsoft Edge (Chromium-based)	CVE-2023-4761, CVE-2023-4762, CVE-2023-4763, CVE-2023-4764, CVE-2023-4863
Microsoft Office Word	CVE-2023-36761, CVE-2023-36762
Microsoft Office Excel	CVE-2023-36766
Microsoft Office	CVE-2023-36765, CVE-2023-36767, CVE-2023-41764
Microsoft Windows	CVE-2023-36802, CVE-2023-38147, CVE-2023-38146, CVE-2023-35355, CVE-2023-38149, CVE-2023-38160, CVE-2023-36770, CVE-2023-36772, CVE-2023-36773, CVE-2023-36771, CVE-2023-36760, CVE-2023-36739, CVE-2023-36740, CVE-2022-41303, CVE-2023-38161, CVE-2023-36804, CVE-2023-38141, CVE-2023-38142, CVE-2023-38139, CVE-2023-38150, CVE-2023-38140, CVE-2023-36803, CVE-2023-38163, CVE-2023-38148, CVE-2023-36805, CVE-2023-38162, CVE-2023-36801, CVE-2023-38152, CVE-2023-38144, CVE-2023-38143
.NET and Visual Studio	CVE-2023-36792, CVE-2023-36796, CVE-2023-36794, CVE-2023-36793, CVE-2023-36758, CVE-2023-36759, CVE-2023-36799, CVE-2023-39956, CVE-2023-36742, CVE-2023-36788
Azure DevOps	CVE-2023-33136, CVE-2023-38155
Microsoft Dynamics	CVE-2023-36886, CVE-2023-38164
Microsoft Office SharePoint	CVE-2023-36764
Microsoft Exchange Server	CVE-2023-36777, CVE-2023-36756, CVE-2023-36745, CVE-2023-36744, CVE-2023-36757

Source link

Tripwire Patch Priority Index for September 2023

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)

Related Post

VMWARE

Configuration Templates