Tripwire の脆弱性調査チーム:VERT が月に一度の パッチプライオリティ指標(Patch Priority Index:PPI) を公開します。非常に重要な意味を持つ PPI は、日々これらのパッチにより解決される脆弱性に取り組んでいる VERT の研究員がリリースしています。
パッチプライオリティ指標の決め方は詳しい:https://blog.tripwire.co.jp/blog/understanding-prioritization にてご参考ください。
また、新しい脆弱性ソリューションが弊社のディストリビューターからリリースされましたので、是非ご覧になってください。
下記は2018年11月のパッチプライオリティ指標になります。
First on the patch priority list this month are patches for Microsoft’s Internet Explorer, Edge and Scripting Engine. These patches resolve 13 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege (EoP), Spoofing and Information Disclosure vulnerabilities.
Next on the list are patches for Adobe Flash, Acrobat and Reader. These patches resolve two information disclosure vulnerabilities.
Up next are patches for Microsoft Office for Excel, Outlook, Project, Skype for Business and Word. These patches resolve 10 vulnerabilities, including Remote Code Execution (RCE) and Denial of Service vulnerabilities.
Next on the list are the patches for Microsoft Windows. These patches address multiple vulnerabilities across Active Directory Federation Services, BitLocker, DirectX, MSRPC, Graphics components, PowerShell, JScript, RemoteFX, Win32k, ALCP and other Windows components. These patches resolve 24 vulnerabilities including XSS, Security Feature Bypass, EoP, Information Disclosure and RCE vulnerabilities.
Finally, this month administrators should focus on server-side patches for Microsoft Team Foundation Server, Exchange, SharePoint and Dynamics 365. These patches resolve 10 vulnerabilities including XSS, EoP, Information Disclosure and RCE vulnerabilities.
ULLETIN |
CVE |
Microsoft Scripting Engine | CVE-2018-8541, CVE-2018-8551, CVE-2018-8542, CVE-2018-8588, CVE-2018-8555, CVE-2018-8543, CVE-2018-8556, CVE-2018-8557, CVE-2018-8552 |
Microsoft Browsers | CVE-2018-8570, CVE-2018-8567, CVE-2018-8545, CVE-2018-8564 |
Adobe Flash | CVE-2018-15978 |
Adobe Acrobat/Reader | CVE-2018-15979 |
Microsoft Office | CVE-2018-8574, CVE-2018-8577, CVE-2018-8582, CVE-2018-8576, CVE-2018-8524, CVE-2018-8522, CVE-2018-8575, CVE-2018-8546, CVE-2018-8539, CVE-2018-8573 |
Microsoft Windows | CVE-2018-8547, CVE-2018-8566, CVE-2018-8561, CVE-2018-8485, CVE-2018-8554, CVE-2018-8563, CVE-2018-8407, CVE-2018-8553, CVE-2018-8417, CVE-2018-8256, CVE-2018-8415, CVE-2018-8471, CVE-2018-8562, CVE-2018-8565, CVE-2018-8584, CVE-2018-8454, CVE-2018-8550, CVE-2018-8476, CVE-2018-8592, CVE-2018-8408, CVE-2018-8450, CVE-2018-8549, CVE-2018-8544, CVE-2018-8589 |
Microsoft Team Foundation Server | CVE-2018-8602 |
Microsoft Exchange | CVE-2018-8581 |
Microsoft SharePoint | CVE-2018-8568, CVE-2018-8572, CVE-2018-8578 |
Microsoft Dynamics | CVE-2018-8607, CVE-2018-8605, CVE-2018-8608, CVE-2018-8606, CVE-2018-8609 |