Tripwire の脆弱性調査チーム:VERT が月に一度の パッチプライオリティ指標(Patch Priority Index:PPI) を公開します。非常に重要な意味を持つ PPI は、日々これらのパッチにより解決される脆弱性に取り組んでいる VERT の研究員がリリースしています。
パッチプライオリティ指標の決め方は詳しい:https://blog.tripwire.co.jp/blog/understanding-prioritization にてご参考ください。
下記は2020年1月のパッチプライオリティ指標になります。
Tripwire’s February 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe.
Up first on the patch priority list this month are patches for Microsoft Edge and Scripting Engine. These patches resolve information disclosure, elevation of privilege, and memory corruption vulnerabilities.
Next on the list are patches for Adobe Flash player (APSB20-06), Adobe Acrobat (APSB20-05), and Adobe Reader (APSB20-05). These patches resolve information disclosure, arbitrary code execution, memory leak, and arbitrary file system write vulnerabilities.
Next on the list are patches for Microsoft Excel and Outlook. These patches resolve one remote code execution and one security feature bypass vulnerabilities.
Next, this month are patches that affect components of the Windows operating systems. These patches resolve more than 80 vulnerabilities, including denial of service, elevation of privilege, information disclosure, remote code execution, and security feature bypass. These vulnerabilities affect Connected Devices Platform Service, Connected User Experiences and Telemetry Service, DirectX, Backup Service, Client License Service, Data Sharing Service, Error Reporting, Function Discovery Service, Key Isolation Service, Search Indexer, Graphics Component, Windows Kernel, Windows Installer, COM, NDIS, Secure Boot, Hyper-V, RDP, and RDP Client.
Lastly this month, administrators should focus on server-side patches available for Microsoft Office Online Server, SharePoint, SQL Server, and Exchange.
BULLETIN |
CVE |
MICROSOFT EDGE |
CVE-2020-0706, CVE-2020-0663 |
MICROSOFT SCRIPTING ENGINE |
CVE-2020-0767, CVE-2020-0713, CVE-2020-0712, CVE-2020-0711, CVE-2020-0710, CVE-2020-0674, CVE-2020-0673 |
APSB20-06: ADOBE FLASH PLAYER |
CVE-2020-3757 |
APSB20-05: ADOBE READER AND ACROBAT |
CVE-2020-3744, CVE-2020-3747, CVE-2020-3755, CVE-2020-3742, CVE-2020-3752, CVE-2020-3754, CVE-2020-3743, CVE-2020-3745, CVE-2020-3746, CVE-2020-3748, CVE-2020-3749, CVE-2020-3750, CVE-2020-3751, CVE-2020-3753, CVE-2020-3756, CVE-2020-3762, CVE-2020-3763 |
MICROSOFT OFFICE |
CVE-2020-0759, CVE-2020-0696 |
MICROSOFT WINDOWS I |
CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0727, CVE-2020-0732, CVE-2020-0681, CVE-2020-0703, CVE-2020-0685, CVE-2020-0701, CVE-2020-0657, CVE-2020-0658, CVE-2020-0747, CVE-2020-0659, CVE-2020-0818, CVE-2020-0739, CVE-2020-0737, CVE-2020-0753, CVE-2020-0754, CVE-2020-0678, CVE-2020-0679, CVE-2020-0680, CVE-2020-0682, CVE-2020-0698, CVE-2020-0669, CVE-2020-0668, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672, CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0756, CVE-2020-0755, CVE-2020-0748, CVE-2020-0757, CVE-2020-0667, CVE-2020-0666, CVE-2020-0704, CVE-2020-0733, CVE-2020-0738, CVE-2020-0729, CVE-2020-0655, CVE-2020-0702 |
MICROSOFT WINDOWS II |
CVE-2020-0707, CVE-2020-0730, CVE-2020-0735, CVE-2020-0665, CVE-2020-0708, CVE-2020-0691, CVE-2020-0750, CVE-2020-0749, CVE-2020-0752, CVE-2020-0709, CVE-2020-0714, CVE-2020-0746, CVE-2020-0744, CVE-2020-0745, CVE-2020-0715, CVE-2020-0792, CVE-2020-0731, CVE-2020-0722, CVE-2020-0723, CVE-2020-0725, CVE-2020-0720, CVE-2020-0721, CVE-2020-0726, CVE-2020-0724, CVE-2020-0719, CVE-2020-0717, CVE-2020-0716, CVE-2020-0736, CVE-2020-0683, CVE-2020-0686, CVE-2020-0728, CVE-2020-0705, CVE-2020-0705, CVE-2020-0689, CVE-2020-0661, CVE-2020-0751, CVE-2020-0662, CVE-2020-0660, CVE-2020-0660, CVE-2020-0817, CVE-2020-0734 |
MICROSOFT OFFICE SHAREPOINT |
CVE-2020-0693, CVE-2020-0694 |
MICROSOFT OFFICE ONLINE SERVER |
CVE-2020-0695 |
MICROSOFT SQL SERVER |
CVE-2020-0618 |
MICROSOFT EXCHANGE SERVER |
CVE-2020-0688, CVE-2020-0692, CVE-2020-0688 |
To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), including its PPI, click here.
Or, for PPI and more, you can follow VERT on Twitter: @tripwirevert.
