Tripwire patch priority index for December 2021

0

Tripwire’s December 2021 Patch Priority Index (PPI) gathers important vulnerabilities for Apache, Ubuntu Linux Kernel and Microsoft.

The first on the list of high priority fixes this month are the fixes for Apache Log4j2 vulnerabilities, the highest for the Log4j2 “LogShell” remote code execution vulnerability. There are many attack vectors through various software applications due to the widespread use of Log4j2 in various products. See https://logging.apache.org/log4j/2.x/security.html for details.

Next are the fixes for Microsoft MSHTML (CVE-2021-40444) and the Linux kernel in Ubuntu (CVE-2021-3493). Exploits for these vulnerabilities were recently added to the Metasploit Exploit Framework. These systems should be corrected as soon as possible.

Next are the patches for Microsoft Edge that address over 20 vulnerabilities such as user post free, type confusion, buffer overflow, and data validation vulnerabilities.

Next are fixes for Microsoft Office Access, Excel, Office Developer Platform, and Visual Basic for Applications. These fixes resolve 4 issues including remote code execution, information disclosure, and elevation of privilege.

This is followed by fixes that affect components of Windows operating systems. These fixes resolve over 30 vulnerabilities, including elevation of privilege, information disclosure, bypassing security features, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect Windows Kernel, Kernel, NTFS, TCP / IP Driver, Common Log File System Driver, Media Center, lsasrv, Fax Service, Message Queuing, and others.

Finally, administrators should focus on server side fixes for SharePoint, Hyper-V, Internet Storage Name Service, and BizTalk ESB Toolkit. These fixes resolve many issues, including impersonation, remote code execution, and denial of service vulnerabilities.

NEWSLETTER CVE
Remote code execution vulnerability in Apache Log4j2 LogShell CVE-2021-44228, CVE-2021-45046
Operating framework – Metasploit CVE-2021-40444, CVE-2021-3493
Microsoft Edge CVE-2021-4053, CVE-2021-4052, CVE-2021-4064, CVE-2021-4065, CVE-2021-4057, CVE-2021-4056, CVE-2021-4055, CVE-2021-4054, CVE- 2021-4059, CVE-2021-4058, CVE-2021-4068, CVE-2021-4061, CVE-2021-4067, CVE-2021-4066, CVE-2021-4062, CVE-2021-4063, CVE-2021- 4101, CVE-2021-4100, CVE-2021-4102, CVE-2021-4099, CVE-2021-4098
Microsoft Office Excel CVE-2021-43256
Visual Basic for Applications CVE-2021-42295
Microsoft Office Access CVE-2021-42293
Desktop development platform CVE-2021-43255
Microsoft Windows CVE-2021-40441, CVE-2021-43216, CVE-2021-43883, CVE-2021-43207, CVE-2021-43226, CVE-2021-43224, CVE-2021-43227, CVE-2021-43219, CVE- 2021-43248, CVE-2021-43228, CVE-2021-43232, CVE-2021-43244, CVE-2021-43223, CVE-2021-43238, CVE-2021-43893, CVE-2021-43217, CVE-2021- 43245, CVE-2021-43247, CVE-2021-43239, CVE-2021-43237, CVE-2021-43236, CVE-2021-43222, CVE-2021-41333, CVE-2021-43235, CVE-2021-43233, CVE-2021-43234, CVE-2021-43240, CVE-2021-43231, CVE-2021-43230, CVE-2021-43229
Microsoft Office SharePoint CVE-2021-42309, CVE-2021-42294, CVE-2021-42320, CVE-2021-43242
Role: Windows Hyper-V CVE-2021-43246
Internet Storage Name Service CVE-2021-43215
Microsoft BizTalk ESB Toolkit CVE-2021-43892


Source link

Share.

About Author

Comments are closed.