A logistics company’s vulnerability scan identifies the following vulnerabilities on Internet-facing devices in the DMZ:
– SQL injection on an infrequently used web server that provides files to vendors
– SSL/TLS not used for a website that contains promotional information
The scan also shows the following vulnerabilities on internal resources:
– Microsoft Office Remote Code Execution on test server for a human resources system
– TLS downgrade vulnerability on a server in a development network
In order of risk, which of the following should be patched FIRST?
A. Microsoft Office Remote Code Execution
B. SQL injection
C. SSL/TLS not used
D. TLS downgrade