VERT 脅威アラート – 2018年11月パッチプライオリティ指標(Patch Priority Index:PPI) (英語版)


 2018.12.04  Japanブログ編集部

Tripwire の脆弱性調査チーム:VERT が月に一度の パッチプライオリティ指標(Patch Priority Index:PPI) を公開します。非常に重要な意味を持つ PPI は、日々これらのパッチにより解決される脆弱性に取り組んでいる VERT の研究員がリリースしています。

パッチプライオリティ指標の決め方は詳しい: にてご参考ください。




First on the patch priority list this month are patches for Microsoft’s Internet Explorer, Edge and Scripting Engine. These patches resolve 13 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege (EoP), Spoofing and Information Disclosure vulnerabilities.

Next on the list are patches for Adobe Flash, Acrobat and Reader. These patches resolve two information disclosure vulnerabilities.

Up next are patches for Microsoft Office for Excel, Outlook, Project, Skype for Business and Word. These patches resolve 10 vulnerabilities, including Remote Code Execution (RCE) and Denial of Service vulnerabilities.

Next on the list are the patches for Microsoft Windows. These patches address multiple vulnerabilities across Active Directory Federation Services, BitLocker, DirectX, MSRPC, Graphics components, PowerShell, JScript, RemoteFX, Win32k, ALCP and other Windows components. These patches resolve 24 vulnerabilities including XSS, Security Feature Bypass, EoP, Information Disclosure and RCE vulnerabilities.

Finally, this month administrators should focus on server-side patches for Microsoft Team Foundation Server, Exchange, SharePoint and Dynamics 365. These patches resolve 10 vulnerabilities including XSS, EoP, Information Disclosure and RCE vulnerabilities.



Microsoft Scripting Engine CVE-2018-8541, CVE-2018-8551, CVE-2018-8542, CVE-2018-8588, CVE-2018-8555, CVE-2018-8543, CVE-2018-8556, CVE-2018-8557, CVE-2018-8552
Microsoft Browsers CVE-2018-8570, CVE-2018-8567, CVE-2018-8545, CVE-2018-8564
Adobe Flash CVE-2018-15978
Adobe Acrobat/Reader CVE-2018-15979
Microsoft Office CVE-2018-8574, CVE-2018-8577, CVE-2018-8582, CVE-2018-8576, CVE-2018-8524, CVE-2018-8522, CVE-2018-8575, CVE-2018-8546, CVE-2018-8539, CVE-2018-8573
Microsoft Windows CVE-2018-8547, CVE-2018-8566, CVE-2018-8561, CVE-2018-8485, CVE-2018-8554, CVE-2018-8563, CVE-2018-8407, CVE-2018-8553, CVE-2018-8417, CVE-2018-8256, CVE-2018-8415, CVE-2018-8471, CVE-2018-8562, CVE-2018-8565, CVE-2018-8584, CVE-2018-8454, CVE-2018-8550, CVE-2018-8476, CVE-2018-8592, CVE-2018-8408, CVE-2018-8450, CVE-2018-8549, CVE-2018-8544, CVE-2018-8589
Microsoft Team Foundation Server CVE-2018-8602
Microsoft Exchange CVE-2018-8581
Microsoft SharePoint CVE-2018-8568, CVE-2018-8572, CVE-2018-8578
Microsoft Dynamics CVE-2018-8607, CVE-2018-8605, CVE-2018-8608, CVE-2018-8606, CVE-2018-8609


TRIPWIRE IP360 データシート