The then-new 2014 NIST Cybersecurity Framework (CSF) was designed to plug security gaps in operational technology. It’s still in use today and more relevant than ever. Fortra’s whitepaper provides a cohesive review of this security staple and how to glean the best out of it for your strategy.

A Brief History of NIST CSF

“The full maximum NIST Cybersecurity Framework is about as big an umbrella as you are going to find,” says Edward G. Amoroso, CEO of TAG Cyber, in the Fortra report. He advises, “… if you’re going to pick something, you might as well pick the thing that has everything.” Created...
Tripwire's August 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Excel, Visio, Teams, and Outlook. The patches resolve 10 issues including remote code execution, information disclosure, security feature bypass, and spoofing vulnerabilities. Up next is a patch for Windows Defender that resolves an elevation of privilege vulnerability. Next are patches that affect components of the core Windows operating system. These patches resolve over 35 vulnerabilities, including elevation...
Tripwire's July 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Access, Excel, and Outlook. The patches resolve 10 issues including remote code execution, information disclosure, security feature bypass, and spoofing vulnerabilities. Next are patches that affect components of the core Windows operating system. These patches resolve over 90 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of...
Tripwire's June 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Progress MOVEit. First on the patch priority list this month are patches for the Progress MOVEit Transfer application. An exploit targeting the MOVEit vulnerability CVE-2023-34362 has been recently added to the Metasploit Exploit Framework. Next on the patch priority list this month are patches for Microsoft Edge. These patches resolve elevation of privilege, information disclosure, and security feature bypass vulnerabilities. Up next are patches for Microsoft Office, Outlook, Excel, and...
Tripwire's May 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Edge. These patches resolve elevation and security feature bypass vulnerabilities. Up next are 3 patches for Microsoft Office, Word, Excel, and Access that resolve remote code execution, security feature bypass, and denial of service vulnerabilities. Next are patches that affect components of the core Windows operating system. These patches resolve over 25 vulnerabilities, including elevation of privilege, information...
With all the technology we have today, installing software updates has become a near-daily, full-time activity. Patch management for large-scale enterprise IT systems can be one of the most stressful parts of an IT professional’s job. In today’s large and evolving IT networks where many new services are going online every day and software components are flying straight from the supply chain to the network, having the right vulnerability management program is critical for ensuring secure environments.

Understanding the Patch Management Process

Tripwire's Vulnerability and Exposure Research Team...
Tripwire's April 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft Edge. These patches resolve over 15 vulnerabilities such as spoofing, type confusion, and use after free vulnerabilities. Up next are 3 patches for Microsoft Office, Word, and Publisher that resolve 4 remote code execution vulnerabilities. Next are patches for Adobe Acrobat and Reader that resolve 16 vulnerabilities. Next are patches that affect components of the core Windows operating system. These patches...
Tripwire's March 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Google and Microsoft. First on the patch priority list this month is a patch for Microsoft Office Outlook that resolves a critical elevation of privilege vulnerability (CVE-2023-23397) that should be patched as soon as possible. This vulnerability has seen exploitation in the wild and allows attackers to perform an NTLM Relay attack. Please refer to the following link for a detailed technical discussion of this issue (https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for...
Tripwire's February 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month is a patch for Microsoft Defender for Endpoint that resolves a security feature bypass vulnerability. Next are patches for Microsoft Edge that resolve 15 vulnerabilities, including remote code execution, spoofing, and tampering vulnerabilities. Up next on the priority list are patches for Microsoft Word, OneNote, Publisher, and Office that resolve remote code execution, spoofing, security feature bypass, and information disclosure...
Tripwire's January 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft Visio and Microsoft Office that resolve 6 vulnerabilities, including remote code execution and information disclosure vulnerabilities. Next are patches for Adobe Reader and Acrobat that resolve 15 vulnerabilities, including arbitrary code execution, memory leak, denial-of-service, and elevation of privilege vulnerabilities. Up next are patches that affect components of the core Windows operating system. These patches...