VERT 脅威アラート – 2019年1月パッチプライオリティ指標(Patch Priority Index:PPI) (英語版)


 2019.02.06  Japanブログ編集部

Tripwire の脆弱性調査チーム:VERT が月に一度の パッチプライオリティ指標(Patch Priority Index:PPI) を公開します。非常に重要な意味を持つ PPI は、日々これらのパッチにより解決される脆弱性に取り組んでいる VERT の研究員がリリースしています。

パッチプライオリティ指標の決め方は詳しい: にてご参考ください。




Tripwire’s January 2019 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe and Oracle.

First on the patch priority list this month are patches for Microsoft’s Browser and Scripting Engine. These patches resolve six vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege and Remote Code Execution vulnerabilities.

Next on the list are patches for Adobe Reader and Acrobat. Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical vulnerabilities including use-after-free and security bypass flaws.

Up next are patches for Oracle Java. Supported versions affected by the January 2019 Oracle Critical Patch Update include Java SE 7u201, 8u192, 11.0.1 and Java SE Embedded 8u191.

Then there are some patches for Microsoft Office, Outlook, Word, and Skype for Business 2015. These patches resolve five flaws, including Remote Code Execution, Spoofing and Information Disclosure vulnerabilities.

Next on the list are the patches for Microsoft Windows. These patches address 27 vulnerabilities across Windows Kernel, Jet Database Engine, XmlDocument, Hyper-V, Windows Subsystem for Linux, DHCP client, COM and Windows Data Sharing Service. They fix various weaknesses including Elevation of Privilege, Information Disclosure and Remote Code Execution vulnerabilities.

Next on the list are patches for the .NET Framework and Visual Studio, with fixes for Information Disclosure vulnerabilities.

Finally this month, administrators should focus on server-side patches available for Microsoft Exchange, SharePoint and Team Foundation Server. These patches resolve eight vulnerabilities, including Cross-site Scripting, Information Disclosure, Elevation of Privilege and Memory Corruption vulnerabilities.




Browser CVE-2019-0541, CVE-2019-0566, CVE-2019-0565
Chakra Scripting Engine CVE-2019-0567, CVE-2019-0568, CVE-2019-0539
APSB19-02: Adobe Reader and Acrobat CVE-2018-16011, CVE-2018-16018
Oracle Java CVE-2018-11212, CVE-2019-2449, CVE-2019-2426, CVE-2019-2422
Microsoft Office CVE-2019-0560, CVE-2019-0559, CVE-2019-0561, CVE-2019-0585, CVE-2019-0624
Windows CVE-2019-0577, CVE-2019-0575, CVE-2019-0580, CVE-2019-0538, CVE-2019-0576, CVE-2019-0579, CVE-2019-0578, CVE-2019-0582, CVE-2019-0583, CVE-2019-0581, CVE-2019-0584, CVE-2019-0543, CVE-2019-0555, CVE-2019-0552, CVE-2019-0547, CVE-2019-0572, CVE-2019-0571, CVE-2019-0574, CVE-2019-0573, CVE-2019-0551, CVE-2019-0550, CVE-2019-0549, CVE-2019-0569, CVE-2019-0536, CVE-2019-0554, CVE-2019-0570, CVE-2019-0553
Developer Tools CVE-2019-0545, CVE-2019-0537
SharePoint CVE-2019-0558, CVE-2019-0557, CVE-2019-0556, CVE-2019-0562
Team Foundation Server CVE-2019-0647, CVE-2019-0646
Exchange Server CVE-2019-0588, CVE-2019-0586
TRIPWIRE IP360 データシート