VERT 脅威アラート – 2019年7月パッチプライオリティ指標(Patch Priority Index:PPI) (英語版)


 2019.08.19  Japanブログ編集部

Tripwire の脆弱性調査チーム:VERT が月に一度の パッチプライオリティ指標(Patch Priority Index:PPI) を公開します。非常に重要な意味を持つ PPI は、日々これらのパッチにより解決される脆弱性に取り組んでいる VERT の研究員がリリースしています。

パッチプライオリティ指標の決め方は詳しい: にてご参考ください。




Tripwire’s July 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Oracle.

First on the list for July are patches for Microsoft’s Browser and Scripting Engine. These patches resolve 11 vulnerabilities including fixes for Memory Corruption weaknesses.

Next on the list are patches for Microsoft Excel and Office. These patches resolve three vulnerabilities including fixes for Remove Code Execution and Spoofing flaws.

Up next on the list are patches for Oracle Java. These patches resolve 10 vulnerabilities that address issues related to Security, Utilities, JCE, Networking, JSSE and AWT.

Up next are patches for Microsoft Windows. These patches address numerous vulnerabilities across Windows Kernel, GDI, Hyper-V, PowerShell, Audio Service, DHCP Server, DNS Server, Error Reporting, RPCSS, WLAN Service, WCF/WIF SAML, DirectX, DirectWrite and ADFS. These patches fix 49 vulnerabilities including elevation of privilege, information disclosure, security feature bypass, token authentication bypass, denial of service and remote code execution vulnerabilities.

Next this month are patches for .NET and Visual Studio. These patches address three vulnerabilities including denial of service, remote code execution and information disclosure.

Up next, administrators should focus on server-side patches available for Microsoft SharePoint, SQL Server, Team Foundation Server and Azure DevOps Server. These patches resolve seven vulnerabilities including cross-site scripting (XSS), elevation of privilege, spoofing, remote code execution and information disclosure vulnerabilities.

Lastly this month are patches for Oracle Database, which address seven vulnerabilities related to RDBMS, Spatial, ODBC Driver and Text.

Browser CVE-2019-1103, CVE-2019-1107, CVE-2019-1106, CVE-2019-1062, CVE-2019-1092, CVE-2019-1063, CVE-2019-1104, CVE-2019-1004, CVE-2019-1059, CVE-2019-1056, CVE-2019-1001
Microsoft Office CVE-2019-1110, CVE-2019-1111, CVE-2019-1109
Oracle Java CVE-2019-2786, CVE-2019-2769, CVE-2019-2842, CVE-2019-2762, CVE-2019-2766, CVE-2019-2818, CVE-2019-2821, CVE-2019-2745, CVE-2019-7317, CVE-2019-2816
Windows CVE-2019-1126, CVE-2019-0975, CVE-2019-1097, CVE-2019-1093, CVE-2019-1124, CVE-2019-1123, CVE-2019-1121, CVE-2019-1120, CVE-2019-1117, CVE-2019-1119, CVE-2019-1122, CVE-2019-1127, CVE-2019-1118, CVE-2019-1128, CVE-2019-0999, CVE-2019-1102, CVE-2019-1082, CVE-2019-1074, CVE-2019-0880, CVE-2019-1091, CVE-2019-1108, CVE-2019-0887, CVE-2019-0865, CVE-2019-1132, CVE-2019-1096, CVE-2019-1088, CVE-2019-1086, CVE-2019-1087, CVE-2019-0785, CVE-2019-0811, CVE-2019-1130, CVE-2019-1129, CVE-2019-1037, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116, CVE-2019-1099, CVE-2019-1098, CVE-2019-1095, CVE-2019-1094, CVE-2019-0966, CVE-2019-1067, CVE-2019-1073, CVE-2019-1071, CVE-2019-1089, CVE-2019-1085, CVE-2019-1090, CVE-2019-1006, CVE-2019-1167
Developer Tools CVE-2019-1083, CVE-2019-1113, CVE-2019-1079
SharePoint CVE-2019-1134
Exchange Server CVE-2019-1136, CVE-2019-1137, CVE-2019-1084
SQL Server CVE-2019-1068
Azure DevOps Server and Team Foundation Server CVE-2019-1072, CVE-2019-1076
Oracle Database CVE-2019-2569, CVE-2018-11058, CVE-2019-2776, CVE-2016-9572, CVE-2019-2799, CVE-2019-2753, CVE-2019-2749

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.

Or you can follow VERT on Twitter: @tripwirevert

TRIPWIRE IP360 データシート