VERT Threat Alert – June 2019 Patch Priority Index (PPI) (English version)

2019.07.19  Japan Blog Editorial Team

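VERT, Tripwire's vulnerability research team, publishes the Patch Priority Index (PPI) once a month. The PPI carries considerable weight: it is released by the VERT researchers who work every day on the vulnerabilities these patches resolve.

For details on how the Patch Priority Index is determined, see https://blog.tripwire.co.jp/blog/understanding-prioritization.

In addition, a new vulnerability solution has been released by our distributor, so please take a look.

Sales begin for a solution that automates vulnerability detection and remediation

Below is the Patch Priority Index for June 2019.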

Tripwire’s June 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, and Adobe.

First and most important this month are patches that resolve 2 deserialization vulnerabilities in Oracle WebLogic, identified as CVE-2019-2725 and CVE-2019-2729. Both vulnerabilities allow remote code execution over a network without authentication. CVE-2019-2725 impacts Oracle WebLogic Server versions 10.3.6.0 and 12.1.3.0; CVE-2019-2729 impacts Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0.

Next on this list is a patch for Adobe Flash Player. Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical Use-After-Free vulnerability in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Up next on the patch priority list this month are patches for Microsoft’s Browser and Scripting Engine. These patches resolve 19 vulnerabilities, including fixes for Memory Corruption, Security Feature Bypass, and Information Disclosure vulnerabilities.

Next on the list are patches for Microsoft Word. These patches resolve 2 vulnerabilities, including fixes for Remote Code Execution vulnerabilities.

Up next are patches for Microsoft Windows. These patches address numerous vulnerabilities across Windows Kernel, Jet Database Engine, GDI, Unified Write Filter, Hyper-V, NTLM, Secure Kernel Mode, Shell, Storage Service, User Profile Service, Event Viewer, Task Scheduler, IIS, Speech API, Local Security Authority Subsystem, DirectX, ActiveX, and Comctl32. These patches fix 61 vulnerabilities, including Elevation of Privilege, Information Disclosure, Security Feature Bypass, Denial of Service, and Remote Code Execution vulnerabilities.

Finally this month, administrators should focus on server-side patches available for Microsoft SharePoint, Skype for Business and Lync Server. These patches resolve 5 vulnerabilities, including Cross-site Scripting (XSS) and Denial of Service vulnerabilities.

 

| BULLETIN | CVE |
| --- | --- |
| Oracle Security Alert Advisory – CVE-2019-2725 | CVE-2019-2725 |
| Oracle Security Alert Advisory – CVE-2019-2729 | CVE-2019-2729 |
| APSB19-30: Adobe Flash Player CVE-2019-7845 | CVE-2019-7845 |
| Browser | CVE-2019-1081, CVE-2019-1038, CVE-2019-1054 |
| Scripting Engine | CVE-2019-1002, CVE-2019-1003, CVE-2019-0991, CVE-2019-0993, CVE-2019-1024, CVE-2019-0992, CVE-2019-0989, CVE-2019-1052, CVE-2019-1051, CVE-2019-0990, CVE-2019-1023, CVE-2019-1005, CVE-2019-1080, CVE-2019-0988, CVE-2019-0920, CVE-2019-1055 |
| Microsoft Office | CVE-2019-1035, CVE-2019-1034 |
| Windows | CVE-2019-0888, CVE-2019-1043, CVE-2019-1018, CVE-2019-0908, CVE-2019-0909, CVE-2019-0906, CVE-2019-0907, CVE-2019-0904, CVE-2019-0905, CVE-2019-0974, CVE-2019-0972, CVE-2019-0941, CVE-2019-0985, CVE-2019-1019, CVE-2019-1069, CVE-2019-0960, CVE-2019-1017, CVE-2019-1014, CVE-2019-0943, CVE-2019-1007, CVE-2019-1028, CVE-2019-1022, CVE-2019-1021, CVE-2019-1026, CVE-2019-1027, CVE-2019-0984, CVE-2019-0959, CVE-2019-1025, CVE-2019-1064, CVE-2019-0948, CVE-2019-1009, CVE-2019-0968, CVE-2019-1050, CVE-2019-1048, CVE-2019-1015, CVE-2019-1049, CVE-2019-1046, CVE-2019-1047, CVE-2019-1016, CVE-2019-1013, CVE-2019-1012, CVE-2019-1011, CVE-2019-1010, CVE-2019-0977, CVE-2019-0710, CVE-2019-0713, CVE-2019-0711, CVE-2019-0620, CVE-2019-0722, CVE-2019-0709, CVE-2019-0973, CVE-2019-1065, CVE-2019-1041, CVE-2019-1039, CVE-2019-1040, CVE-2019-1045, CVE-2019-1044, CVE-2019-1053, CVE-2019-0998, CVE-2019-0983, CVE-2019-0986 |
| SharePoint | CVE-2019-1031, CVE-2019-1032, CVE-2019-1036, CVE-2019-1033 |
| Skype for Business and Lync Server | CVE-2019-1029 |

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.

Or you can follow VERT on Twitter: @tripwirevert
