Tripwire’s February 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe.

Up first on the patch priority list this month are patches for Microsoft Edge and Scripting Engine. These patches resolve information disclosure, elevation of privilege, and memory corruption vulnerabilities.

Next on the list are patches for Adobe Flash player (APSB20-06), Adobe Acrobat (APSB20-05), and Adobe Reader (APSB20-05). These patches resolve information disclosure, arbitrary code execution, memory leak, and arbitrary file system write vulnerabilities.

Next on the list are patches for Microsoft Excel and Outlook. These patches resolve one remote code execution and one security feature bypass vulnerabilities.

Next, this month are patches that affect components of the Windows operating systems. These patches resolve more than 80 vulnerabilities, including denial of service, elevation of privilege, information disclosure, remote code execution, and security feature bypass. These vulnerabilities affect Connected Devices Platform Service, Connected User Experiences and Telemetry Service, DirectX, Backup Service, Client License Service, Data Sharing Service, Error Reporting, Function Discovery Service, Key Isolation Service, Search Indexer, Graphics Component, Windows Kernel, Windows Installer, COM, NDIS, Secure Boot, Hyper-V, RDP, and RDP Client.

Lastly this month, administrators should focus on server-side patches available for Microsoft Office Online Server, SharePoint, SQL Server, and Exchange.

 

BULLETIN
CVE
Microsoft Edge
CVE-2020-0706, CVE-2020-0663
Microsoft Scripting Engine
CVE-2020-0767, CVE-2020-0713, CVE-2020-0712, CVE-2020-0711, CVE-2020-0710, CVE-2020-0674, CVE-2020-0673
APSB20-06: Adobe Flash Player
CVE-2020-3757
APSB20-05: Adobe Reader and Acrobat
CVE-2020-3744, CVE-2020-3747, CVE-2020-3755, CVE-2020-3742, CVE-2020-3752, CVE-2020-3754, CVE-2020-3743, CVE-2020-3745, CVE-2020-3746, CVE-2020-3748, CVE-2020-3749, CVE-2020-3750, CVE-2020-3751, CVE-2020-3753, CVE-2020-3756, CVE-2020-3762, CVE-2020-3763
Microsoft Office
CVE-2020-0759, CVE-2020-0696
Microsoft Windows I
CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0727, CVE-2020-0732, CVE-2020-0681, CVE-2020-0703, CVE-2020-0685, CVE-2020-0701, CVE-2020-0657, CVE-2020-0658, CVE-2020-0747, CVE-2020-0659, CVE-2020-0818, CVE-2020-0739, CVE-2020-0737, CVE-2020-0753, CVE-2020-0754, CVE-2020-0678, CVE-2020-0679, CVE-2020-0680, CVE-2020-0682, CVE-2020-0698, CVE-2020-0669, CVE-2020-0668, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672, CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0756, CVE-2020-0755, CVE-2020-0748, CVE-2020-0757, CVE-2020-0667, CVE-2020-0666, CVE-2020-0704, CVE-2020-0733, CVE-2020-0738, CVE-2020-0729, CVE-2020-0655, CVE-2020-0702
Microsoft Windows II
CVE-2020-0707, CVE-2020-0730, CVE-2020-0735, CVE-2020-0665, CVE-2020-0708, CVE-2020-0691, CVE-2020-0750, CVE-2020-0749, CVE-2020-0752, CVE-2020-0709, CVE-2020-0714, CVE-2020-0746, CVE-2020-0744, CVE-2020-0745, CVE-2020-0715, CVE-2020-0792, CVE-2020-0731, CVE-2020-0722, CVE-2020-0723, CVE-2020-0725, CVE-2020-0720, CVE-2020-0721, CVE-2020-0726, CVE-2020-0724, CVE-2020-0719, CVE-2020-0717, CVE-2020-0716, CVE-2020-0736, CVE-2020-0683, CVE-2020-0686, CVE-2020-0728, CVE-2020-0705, CVE-2020-0705, CVE-2020-0689, CVE-2020-0661, CVE-2020-0751, CVE-2020-0662, CVE-2020-0660, CVE-2020-0660, CVE-2020-0817, CVE-2020-0734
Microsoft Office SharePoint
CVE-2020-0693, CVE-2020-0694
Microsoft Office Online Server
CVE-2020-0695
Microsoft SQL Server
CVE-2020-0618
Microsoft Exchange Server
CVE-2020-0688, CVE-2020-0692, CVE-2020-0688

 

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), including its Patch Priority Index, click here.

Or for PPI and more, you can follow VERT on Twitter: @tripwirevert.