VERT Threat Alert – May 2019 Patch Priority Index (PPI) (English version)

2019.07.23  Japan Blog Editorial Team

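Tripwire's vulnerability research team, VERT, publishes the Patch Priority Index (PPI) once a month. The PPI carries considerable weight because it is released by the VERT researchers who work every day on the vulnerabilities these patches resolve.

For details on how the Patch Priority Index is determined, see https://blog.tripwire.co.jp/blog/understanding-prioritization.

In addition, a new vulnerability solution has been released by our distributor, so please take a look.

Sales begin for a solution that automates vulnerability detection and remediation

Below is the Patch Priority Index for May 2019.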

Tripwire’s May 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe.

First and most importantly this month are the patches available to resolve the BlueKeep (CVE-2019-0708) Remote Desktop Services remote code execution vulnerability. As noted by Microsoft:

[This] remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.

It is very important to note that Microsoft also released patches for some versions of Windows that no longer receive mainstream support.

Patches for unsupported versions of Windows including Windows XP, Vista, and Server 2003 R2 are available here:
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708.

Patches for Windows 7, Server 2008 and Server 2008 R2 can be found from the MSRC security guidance page:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708.

Newer versions of Windows are not prone to the BlueKeep vulnerability.

Up next on the patch priority index this month are patches for Microsoft’s Browser and Scripting Engine. These patches resolve 23 vulnerabilities including fixes for memory corruption, security feature bypass, spoofing and information disclosure vulnerabilities.

Next on the list are patches for Adobe Flash Player (APSB19-19). Adobe has released patches for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical use-after-free vulnerability in Adobe Flash Player that can lead to arbitrary code execution in the context of the current user.

Following Flash are patches for Adobe Reader and Adobe Acrobat via the APSB19-18 security bulletin. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. These patches resolve 84 vulnerabilities including out-of-bounds read, out-of-bounds write, type confusion, use-after-free, heap overflow, buffer error, double free and security bypass vulnerabilities that can lead to information disclosure and arbitrary code execution.

Next on the list are patches for Microsoft Office Access and Word. These patches resolve four vulnerabilities including fixes for remote code execution vulnerabilities.

Up next are patches for Microsoft Windows. These patches address vulnerabilities across Windows Kernel, Jet Database Engine, GDI/GDI+, Diagnostic Hub, Unified Write Filter, DHCP Server, Defender Application Control, Error Reporting, Hyper-V, NDIS, OLE and Storage Service. These patches fix 30 vulnerabilities including elevation of privilege, information disclosure, security feature bypass and remote code execution vulnerabilities.

Next on the patch priority index are patches for the .NET Framework and .NET Core, which address four denial of service vulnerabilities.

Finally this month, administrators should focus on server-side patches available for Microsoft SharePoint, Team Foundation Server, Azure DevOps Server, SQL Server and Microsoft Dynamics. These patches resolve 13 vulnerabilities including elevation of privilege, spoofing, cross-site scripting, security feature bypass, remote code execution and information disclosure vulnerabilities.

| Bulletin | CVE |
| --- | --- |
| BlueKeep | CVE-2019-0708 |
| Browser | CVE-2019-0915, CVE-2019-0912, CVE-2019-0927, CVE-2019-0917, CVE-2019-0922, CVE-2019-0937, CVE-2019-0923, CVE-2019-0933, CVE-2019-0914, CVE-2019-0924, CVE-2019-0916, CVE-2019-0913, CVE-2019-0925, CVE-2019-0930, CVE-2019-0929, CVE-2019-0995, CVE-2019-0921, CVE-2019-0940, CVE-2019-0938, CVE-2019-0926, CVE-2019-0918, CVE-2019-0884, CVE-2019-0911 |
| APSB19-26: Adobe Flash | CVE-2019-7837 |
| APSB19-18: Adobe Reader and Acrobat I | CVE-2019-7841, CVE-2019-7836, CVE-2019-7826, CVE-2019-7819, CVE-2019-7813, CVE-2019-7812, CVE-2019-7811, CVE-2019-7810, CVE-2019-7803, CVE-2019-7802, CVE-2019-7801, CVE-2019-7799, CVE-2019-7798, CVE-2019-7795, CVE-2019-7794, CVE-2019-7793, CVE-2019-7790, CVE-2019-7789, CVE-2019-7787, CVE-2019-7780, CVE-2019-7778, CVE-2019-7777, CVE-2019-7776, CVE-2019-7775, CVE-2019-7774, CVE-2019-7773, CVE-2019-7771, CVE-2019-7770, CVE-2019-7769, CVE-2019-7758, CVE-2019-7145, CVE-2019-7144 |
| APSB19-18: Adobe Reader and Acrobat II | CVE-2019-7143, CVE-2019-7142, CVE-2019-7141, CVE-2019-7140, CVE-2019-7829, CVE-2019-7825, CVE-2019-7822, CVE-2019-7818, CVE-2019-7804, CVE-2019-7800, CVE-2019-7820, CVE-2019-7835, CVE-2019-7834, CVE-2019-7833, CVE-2019-7832, CVE-2019-7831, CVE-2019-7830, CVE-2019-7823, CVE-2019-7821, CVE-2019-7817, CVE-2019-7814, CVE-2019-7809, CVE-2019-7808, CVE-2019-7807, CVE-2019-7806, CVE-2019-7805, CVE-2019-7797, CVE-2019-7796, CVE-2019-7792, CVE-2019-7791, CVE-2019-7788, CVE-2019-7786, CVE-2019-7785, CVE-2019-7783, CVE-2019-7782, CVE-2019-7781, CVE-2019-7772, CVE-2019-7768, CVE-2019-7767, CVE-2019-7766, CVE-2019-7765, CVE-2019-7764, CVE-2019-7763, CVE-2019-7762, CVE-2019-7761, CVE-2019-7760, CVE-2019-7759, CVE-2019-7828, CVE-2019-7827, CVE-2019-7824, CVE-2019-7784, CVE-2019-7779 |
| Microsoft Office | CVE-2019-0946, CVE-2019-0947, CVE-2019-0945, CVE-2019-0953 |
| Windows | CVE-2019-0727, CVE-2019-0903, CVE-2019-0891, CVE-2019-0890, CVE-2019-0889, CVE-2019-0898, CVE-2019-0895, CVE-2019-0899, CVE-2019-0902, CVE-2019-0893, CVE-2019-0894, CVE-2019-0896, CVE-2019-0901, CVE-2019-0900, CVE-2019-0897, CVE-2019-0942, CVE-2019-0892, CVE-2019-0725, CVE-2019-0733, CVE-2019-0734, CVE-2019-0936, CVE-2019-0863, CVE-2019-0882, CVE-2019-0758, CVE-2019-0961, CVE-2019-0886, CVE-2019-0881, CVE-2019-0707, CVE-2019-0885, CVE-2019-0931 |
| .NET Framework and .NET Core | CVE-2019-0864, CVE-2019-0820, CVE-2019-0980, CVE-2019-0981 |
| SharePoint | CVE-2019-0963, CVE-2019-0957, CVE-2019-0958, CVE-2019-0956, CVE-2019-0952, CVE-2019-0951, CVE-2019-0949, CVE-2019-0950 |
| Azure DevOps and Team Foundation Server | CVE-2019-0872, CVE-2019-0979, CVE-2019-0971 |
| Microsoft Dynamics | CVE-2019-1008 |
| SQL Server | CVE-2019-0819 |
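
One way to put the table above to work is to parse it into a CVE-to-rank index and sort scanner findings by it. This is an added example, not Tripwire's code: the function names, host names and findings are constructed, and only four of the page's rows are embedded, so ranks are relative to that excerpt.

```python
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

# Four rows copied from the CVE table above, kept in the page's order.
# Ranks are therefore relative to this excerpt, not to the full table.
PPI_ROWS = """\
CVE
BlueKeep CVE-2019-0708
Microsoft Office CVE-2019-0946, CVE-2019-0947, CVE-2019-0945, CVE-2019-0953
.NET Framework and .NET Core CVE-2019-0864, CVE-2019-0820, CVE-2019-0980, CVE-2019-0981
SQL Server CVE-2019-0819
"""

# Constructed scanner findings. Host names are made up, and CVE-2099-0001 is a
# placeholder standing in for a finding that the PPI does not list.
FINDINGS = [
    ("db01", "CVE-2019-0819"),
    ("ws17", "cve-2019-0946"),
    ("ts02", "CVE-2019-0708"),
    ("ws17", "CVE-2099-0001"),
    ("app03", "CVE-2019-0820"),
]

def parse_ppi(text):
    """Map each CVE to (rank, bulletin); rank 1 is the first table row."""
    index, rank = {}, 0
    for line in text.splitlines():
        first = CVE_RE.search(line)
        if first is None:
            continue  # header ("CVE") or blank line: no bulletin on it
        rank += 1
        # Bulletin name is everything before the first CVE ID on the row.
        bulletin = line[:first.start()].strip(" |:\t")
        for cve in CVE_RE.findall(line):
            index.setdefault(cve.upper(), (rank, bulletin))
    return index

def prioritize(findings, index):
    """Return (host, cve, bulletin) sorted by PPI rank; unlisted CVEs go last."""
    def lookup(cve):
        return index.get(cve, (float("inf"), "not in PPI"))
    rows = [(host, cve.upper()) for host, cve in findings]
    rows.sort(key=lambda r: (lookup(r[1])[0], r[0], r[1]))
    return [(host, cve, lookup(cve)[1]) for host, cve in rows]

if __name__ == "__main__":
    for host, cve, bulletin in prioritize(FINDINGS, parse_ppi(PPI_ROWS)):
        print(f"{host:6} {cve:15} {bulletin}")
```

Feeding the full table to `parse_ppi` instead of the excerpt gives ranks that follow the complete priority order on this page.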

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), click here.

Or you can follow VERT on Twitter: @tripwirevert
