Tripwire の脆弱性調査チーム:VERT が月に一度の パッチプライオリティ指標(Patch Priority Index:PPI) を公開します。非常に重要な意味を持つ PPI は、日々これらのパッチにより解決される脆弱性に取り組んでいる VERT の研究員がリリースしています。
パッチプライオリティ指標の決め方は詳しい:https://blog.tripwire.co.jp/blog/understanding-prioritization にてご参考ください。
また、新しい脆弱性ソリューションが弊社のディストリビューターからリリースされましたので、是非ご覧になってください。
下記は2019年1月のパッチプライオリティ指標になります。
Tripwire’s January 2019 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe and Oracle.
First on the patch priority list this month are patches for Microsoft’s Browser and Scripting Engine. These patches resolve six vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege and Remote Code Execution vulnerabilities.
Next on the list are patches for Adobe Reader and Acrobat. Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical vulnerabilities including use-after-free and security bypass flaws.
Up next are patches for Oracle Java. Supported versions affected by the January 2019 Oracle Critical Patch Update include Java SE 7u201, 8u192, 11.0.1 and Java SE Embedded 8u191.
Then there are some patches for Microsoft Office, Outlook, Word, and Skype for Business 2015. These patches resolve five flaws, including Remote Code Execution, Spoofing and Information Disclosure vulnerabilities.
Next on the list are the patches for Microsoft Windows. These patches address 27 vulnerabilities across Windows Kernel, Jet Database Engine, XmlDocument, Hyper-V, Windows Subsystem for Linux, DHCP client, COM and Windows Data Sharing Service. They fix various weaknesses including Elevation of Privilege, Information Disclosure and Remote Code Execution vulnerabilities.
Next on the list are patches for the .NET Framework and Visual Studio, with fixes for Information Disclosure vulnerabilities.
Finally this month, administrators should focus on server-side patches available for Microsoft Exchange, SharePoint and Team Foundation Server. These patches resolve eight vulnerabilities, including Cross-site Scripting, Information Disclosure, Elevation of Privilege and Memory Corruption vulnerabilities.
BULLETIN |
CVE |
| Browser | CVE-2019-0541, CVE-2019-0566, CVE-2019-0565 |
| Chakra Scripting Engine | CVE-2019-0567, CVE-2019-0568, CVE-2019-0539 |
| APSB19-02: Adobe Reader and Acrobat | CVE-2018-16011, CVE-2018-16018 |
| Oracle Java | CVE-2018-11212, CVE-2019-2449, CVE-2019-2426, CVE-2019-2422 |
| Microsoft Office | CVE-2019-0560, CVE-2019-0559, CVE-2019-0561, CVE-2019-0585, CVE-2019-0624 |
| Windows | CVE-2019-0577, CVE-2019-0575, CVE-2019-0580, CVE-2019-0538, CVE-2019-0576, CVE-2019-0579, CVE-2019-0578, CVE-2019-0582, CVE-2019-0583, CVE-2019-0581, CVE-2019-0584, CVE-2019-0543, CVE-2019-0555, CVE-2019-0552, CVE-2019-0547, CVE-2019-0572, CVE-2019-0571, CVE-2019-0574, CVE-2019-0573, CVE-2019-0551, CVE-2019-0550, CVE-2019-0549, CVE-2019-0569, CVE-2019-0536, CVE-2019-0554, CVE-2019-0570, CVE-2019-0553 |
| Developer Tools | CVE-2019-0545, CVE-2019-0537 |
| SharePoint | CVE-2019-0558, CVE-2019-0557, CVE-2019-0556, CVE-2019-0562 |
| Team Foundation Server | CVE-2019-0647, CVE-2019-0646 |
| Exchange Server | CVE-2019-0588, CVE-2019-0586 |
