Highlights of April Digest
- 30 vendors released security patches for 1400 vulnerabilities, including 46 CVEs with known exploits.
- 31 vulnerabilities that got patched in April were red-flagged by CISA.
- 735 old vulnerabilities have been patched.
- Microsoft fixed 108 bugs, including 5 zero-days.
- Oracle plugged 390 security vulnerabilities.
Weaponized Vulnerabilities
46 vulnerabilities have known exploits. Here is our analysis:
- 1 CVE is linked to CryptoMix ransomware.
- 5 CVEs were alerted by CISA.
- 5 CVEs have RCE capabilities.
- 1 CVE has a privilege escalation weakness.
- 2 CVEs are associated with denial of service.
- 1 CVE is rated critical and 22 are of high severity.
Old Vulnerabilities Patched in April 2021
735 old vulnerabilities, dating from 2003 to 2020, have been issued security updates.
- 1 CVE is linked to CryptoMix ransomware.
- 12 CVEs have been alerted by CISA.
- 19 CVEs are critical and 213 are high severity.

89% of the weaponized vulnerabilities are old weaknesses, which shows that attackers systematically target them.
Microsoft March Patches 2021
Microsoft issued patches for 108 security vulnerabilities, including five zero-days (CVE-2021-2709, CVE-2021-28312, CVE-2021-28437, CVE-2021-28458, CVE-2021-28310).
Oracle April Patches 2021
Oracle rolled out 390 security patches; 221 of the vulnerabilities are remotely exploitable.
CISA Alerts
CISA issued warning alerts for 31 vulnerabilities:
- 5 CVEs have been weaponized with known exploits.
- 3 CVEs are rated critical, and 9 are of high severity.