Tripwire の脆弱性調査チーム:VERT が月に一度の パッチプライオリティ指標(Patch Priority Index:PPI) を公開します。非常に重要な意味を持つ PPI は、日々これらのパッチにより解決される脆弱性に取り組んでいる VERT の研究員がリリースしています。
パッチプライオリティ指標の決め方は詳しい:https://blog.tripwire.co.jp/blog/understanding-prioritization にてご参考ください。
また、新しい脆弱性ソリューションが弊社のディストリビューターからリリースされましたので、是非ご覧になってください。
下記は2019年7月のパッチプライオリティ指標になります。
Tripwire’s July 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Oracle.
First on the list for July are patches for Microsoft’s Browser and Scripting Engine. These patches resolve 11 vulnerabilities including fixes for Memory Corruption weaknesses.
Next on the list are patches for Microsoft Excel and Office. These patches resolve three vulnerabilities including fixes for Remove Code Execution and Spoofing flaws.
Up next on the list are patches for Oracle Java. These patches resolve 10 vulnerabilities that address issues related to Security, Utilities, JCE, Networking, JSSE and AWT.
Up next are patches for Microsoft Windows. These patches address numerous vulnerabilities across Windows Kernel, GDI, Hyper-V, PowerShell, Audio Service, DHCP Server, DNS Server, Error Reporting, RPCSS, WLAN Service, WCF/WIF SAML, DirectX, DirectWrite and ADFS. These patches fix 49 vulnerabilities including elevation of privilege, information disclosure, security feature bypass, token authentication bypass, denial of service and remote code execution vulnerabilities.
Next this month are patches for .NET and Visual Studio. These patches address three vulnerabilities including denial of service, remote code execution and information disclosure.
Up next, administrators should focus on server-side patches available for Microsoft SharePoint, SQL Server, Team Foundation Server and Azure DevOps Server. These patches resolve seven vulnerabilities including cross-site scripting (XSS), elevation of privilege, spoofing, remote code execution and information disclosure vulnerabilities.
Lastly this month are patches for Oracle Database, which address seven vulnerabilities related to RDBMS, Spatial, ODBC Driver and Text.
| BULLETIN | CVE |
| Browser | CVE-2019-1103, CVE-2019-1107, CVE-2019-1106, CVE-2019-1062, CVE-2019-1092, CVE-2019-1063, CVE-2019-1104, CVE-2019-1004, CVE-2019-1059, CVE-2019-1056, CVE-2019-1001 |
| Microsoft Office | CVE-2019-1110, CVE-2019-1111, CVE-2019-1109 |
| Oracle Java | CVE-2019-2786, CVE-2019-2769, CVE-2019-2842, CVE-2019-2762, CVE-2019-2766, CVE-2019-2818, CVE-2019-2821, CVE-2019-2745, CVE-2019-7317, CVE-2019-2816 |
| Windows | CVE-2019-1126, CVE-2019-0975, CVE-2019-1097, CVE-2019-1093, CVE-2019-1124, CVE-2019-1123, CVE-2019-1121, CVE-2019-1120, CVE-2019-1117, CVE-2019-1119, CVE-2019-1122, CVE-2019-1127, CVE-2019-1118, CVE-2019-1128, CVE-2019-0999, CVE-2019-1102, CVE-2019-1082, CVE-2019-1074, CVE-2019-0880, CVE-2019-1091, CVE-2019-1108, CVE-2019-0887, CVE-2019-0865, CVE-2019-1132, CVE-2019-1096, CVE-2019-1088, CVE-2019-1086, CVE-2019-1087, CVE-2019-0785, CVE-2019-0811, CVE-2019-1130, CVE-2019-1129, CVE-2019-1037, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116, CVE-2019-1099, CVE-2019-1098, CVE-2019-1095, CVE-2019-1094, CVE-2019-0966, CVE-2019-1067, CVE-2019-1073, CVE-2019-1071, CVE-2019-1089, CVE-2019-1085, CVE-2019-1090, CVE-2019-1006, CVE-2019-1167 |
| Developer Tools | CVE-2019-1083, CVE-2019-1113, CVE-2019-1079 |
| SharePoint | CVE-2019-1134 |
| Exchange Server | CVE-2019-1136, CVE-2019-1137, CVE-2019-1084 |
| SQL Server | CVE-2019-1068 |
| Azure DevOps Server and Team Foundation Server | CVE-2019-1072, CVE-2019-1076 |
| Oracle Database | CVE-2019-2569, CVE-2018-11058, CVE-2019-2776, CVE-2016-9572, CVE-2019-2799, CVE-2019-2753, CVE-2019-2749 |
To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.
Or you can follow VERT on Twitter: @tripwirevert
