Tripwire’s January 2021 Patch Precedence Index (PPI) brings collectively vital vulnerabilities from Microsoft, Dnsmasq and Oracle.
First on the patch precedence listing this month are patches for Dnsmasq associated to the seven so-called “DNSpooq” vulnerabilities. Dnsmasq is an open-source DNS forwarding utility, and programs utilizing this software program ought to patch as quickly as attainable.
Up subsequent on the patch precedence listing this month are patches for Microsoft Edge, Excel, Workplace and Phrase. These patches resolve over 35 vulnerabilities that exist attributable to points comparable to reminiscence corruption, data disclosure, safety characteristic bypass and distant code execution vulnerabilities.
Subsequent are patches that have an effect on parts of the Home windows working programs. These patches resolve over 60 vulnerabilities together with elevation of privilege, data disclosure, distant code execution and reminiscence corruption vulnerabilities. These vulnerabilities have an effect on core Home windows, GDI+, AppX, Diagnostics hub, RPC, TPM Machine Driver, CSC Service, NTLM, Hyper-V, Energetic Template Library, WalletService, Media Basis, CryptoAPI and others.
Subsequent, directors ought to give attention to server-side patches for Microsoft, which resolve points in Microsoft SharePoint and SQL Server. These resolve a number of points together with distant code execution, elevation of privilege, tampering and spoofing vulnerabilities.
Lastly, this month are patches for Oracle Java and Oracle Database. Oracle launched patches for one Java SE vulnerability and 6 database vulnerabilities.
BULLETINCVEDNSpooq – DnsmasqCVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25681, CVE-2020-25683, CVE-2020-25687, CVE-2020-25682Microsoft Edge (HTML-based)CVE-2021-1705Microsoft Edge (Chromium-based)CVE-2021-21112, CVE-2021-21113, CVE-2021-21110, CVE-2021-21111, CVE-2021-21116, CVE-2021-21107, CVE-2021-21114, CVE-2021-21106, CVE-2021-21109, CVE-2021-21108, CVE-2021-21115, CVE-2020-16043, CVE-2020-15995, CVE-2021-21139, CVE-2021-21134, CVE-2021-21135, CVE-2021-21136, CVE-2021-21137, CVE-2021-21130, CVE-2021-21131, CVE-2021-21132, CVE-2021-21133, CVE-2021-21118, CVE-2021-21119, CVE-2020-16044, CVE-2021-21129, CVE-2021-21128, CVE-2021-21123, CVE-2021-21122, CVE-2021-21121, CVE-2021-21120, CVE-2021-21127, CVE-2021-21126, CVE-2021-21125, CVE-2021-21124, CVE-2021-21141, CVE-2021-21140Microsoft OfficeCVE-2021-1713, CVE-2021-1714, CVE-2021-1711, CVE-2021-1715, CVE-2021-1716Microsoft WindowsCVE-2021-1685, CVE-2021-1642, CVE-2021-1651, CVE-2021-1680, CVE-2021-1702, CVE-2021-1703, CVE-2021-1645, CVE-2021-1656, CVE-2021-1694, CVE-2021-1695, CVE-2021-1637, CVE-2021-1648, CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693, CVE-2021-1678, CVE-2021-1658, CVE-2021-1700, CVE-2021-1701, CVE-2021-1667, CVE-2021-1673, CVE-2021-1666, CVE-2021-1664, CVE-2021-1660, CVE-2021-1671, CVE-2021-1692, CVE-2021-1691, CVE-2021-1704, CVE-2021-1687, CVE-2021-1686, CVE-2021-1681, CVE-2021-1690, CVE-2021-1649, CVE-2021-1699, CVE-2021-1657, CVE-2021-1706, CVE-2021-1689, CVE-2021-1676, CVE-2021-1650, CVE-2021-1646, CVE-2021-1710, CVE-2021-1697, CVE-2021-1661, CVE-2021-1663, CVE-2021-1670, CVE-2021-1672, CVE-2021-1668, CVE-2021-1679, CVE-2021-1665, CVE-2021-1708, CVE-2021-1696, CVE-2021-1709, CVE-2021-1662, CVE-2021-1682, CVE-2021-1638, CVE-2021-1683, CVE-2021-1684Microsoft Workplace SharePointCVE-2021-1712, CVE-2021-1719, CVE-2021-1707, CVE-2021-1718, CVE-2021-1641, CVE-2021-1717SQL ServerCVE-2021-1636Oracle JavaCVE-2020-14803Oracle DatabaseCVE-2021-1993, CVE-2021-2000, CVE-2021-2054, CVE-2021-2045, CVE-2021-2035, CVE-2021-2018