Patch Priority Index for March 2017

BULLETIN CVE
S2-045 CVE-2017-5638
MS17-012 CVE-2017-0039, CVE-2017-0100, CVE-2017-0104, CVE-2017-0016, CVE-2017-0007, CVE-2017-0057
cisco-sa-20170317-cmp CVE-2017-3881
MS17-006 CVE-2017-0149, CVE-2017-0033, CVE-2017-0037, CVE-2017-0012, CVE-2017-0130, CVE-2017-0049, CVE-2017-0059, CVE-2017-0009, CVE-2017-0008, CVE-2017-0018, CVE-2017-0040, CVE-2017-0154
MS17-007 CVE-2017-0136, CVE-2017-0023, CVE-2017-0069, CVE-2017-0068, CVE-2017-0140, CVE-2017-0141, CVE-2017-0009, CVE-2017-0067, CVE-2017-0066, CVE-2017-0065, CVE-2017-0094, CVE-2017-0134, CVE-2017-0032, CVE-2017-0033, CVE-2017-0034, CVE-2017-0035, CVE-2017-0037, CVE-2017-0131, CVE-2017-0010, CVE-2017-0132, CVE-2017-0070, CVE-2017-0017, CVE-2017-0137, CVE-2017-0015, CVE-2017-0138, CVE-2017-0151, CVE-2017-0150, CVE-2017-0012, CVE-2017-0133, CVE-2017-0011, CVE-2017-0135, CVE-2017-0071
MS17-023/APSB17-07 CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
MS17-010 CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0143, CVE-2017-0148
MS17-015 CVE-2017-0110
MS17-016 CVE-2017-0055
MS17-008 CVE-2017-0109, CVE-2017-0098, CVE-2017-0021, CVE-2017-0074, CVE-2017-0075, CVE-2017-0076, CVE-2017-0099, CVE-2017-0095, CVE-2017-0096, CVE-2017-0097, CVE-2017-0051
MS17-009 CVE-2017-0023
MS17-011 CVE-2017-0122, CVE-2017-0123, CVE-2017-0120, CVE-2017-0121, CVE-2017-0126, CVE-2017-0127, CVE-2017-0124, CVE-2017-0125, CVE-2017-0128, CVE-2017-0092, CVE-2017-0090, CVE-2017-0091, CVE-2017-0119, CVE-2017-0118, CVE-2017-0117, CVE-2017-0116, CVE-2017-0115, CVE-2017-0114, CVE-2017-0113, CVE-2017-0112, CVE-2017-0111, CVE-2017-0072, CVE-2017-0089, CVE-2017-0088, CVE-2017-0083, CVE-2017-0085, CVE-2017-0084, CVE-2017-0087, CVE-2017-0086
MS17-013 CVE-2017-0038, CVE-2017-0108, CVE-2017-0025, CVE-2017-0001, CVE-2017-0005, CVE-2017-0014, CVE-2017-0073, CVE-2017-0063, CVE-2017-0062, CVE-2017-0047, CVE-2017-0060, CVE-2017-0061
MS17-014 CVE-2017-0129, CVE-2017-0029, CVE-2017-0027, CVE-2017-0031, CVE-2017-0105, CVE-2017-0020, CVE-2017-0030, CVE-2017-0006, CVE-2017-0107, CVE-2017-0019, CVE-2017-0052, CVE-2017-0053
MS17-018 CVE-2017-0026, CVE-2017-0024, CVE-2017-0081, CVE-2017-0056, CVE-2017-0080, CVE-2017-0082, CVE-2017-0078, CVE-2017-0079
MS17-019 CVE-2017-0043
MS17-020 CVE-2017-0045
MS17-021 CVE-2017-0042
MS17-022 CVE-2017-0022
APSB17-08 CVE-2017-2983

Tripwire's March 2017 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, Cisco, and Apache Struts.

This month, one very high priority vulnerability belongs at the top of your list: CVE-2017-5638, a remote code injection vulnerability in Apache Struts caused by a flaw in how the application processes crafted data in the 'Content-Type' HTTP header.

Next on the list this month are patches provided by MS17-012. These patches address vulnerabilities in Device Guard, SMBv2/SMBv3 Client, DLL Loading, dnsclient, helppane.exe, and the iSNS server.

For those of you with Cisco devices, you definitely want to consider CVE-2017-3881 next. This vulnerability is in the Cisco Cluster Management Protocol (CMP) and can allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.

Up next we have bulletins for Internet Explorer (MS17-006) and Microsoft Edge (MS17-007). Numerous vulnerabilities addressed by these bulletins have been publicly disclosed. Following these, you'll want to move on to Adobe Flash Player, which is addressed by MS17-023 and its Adobe counterpart APSB17-07. 

Next are MS17-010, MS17-015, and MS17-016. These address vulnerabilities that can impact SMBv1, OWA in Microsoft Exchange, and Microsoft IIS.

Lastly for Microsoft products, we have the remaining bulletins from the March 2017 Patch Tuesday. These include MS17-008, MS17-009, MS17-011, MS17-013, MS17-014, and MS17-018 through MS17-022. These bulletins address vulnerabilities in various products such as Microsoft Office, Hyper-V, Microsoft PDF, Microsoft Uniscribe, Microsoft Office Products, Windows kernel, and more. Indeed, this was a massive Patch Tuesday with approximately 134 vulnerabilities being fixed.

Last on this month's list is APSB17-08, which addresses a vulnerability in Adobe Shockwave Player.