Highlights of Patch Watch Issue 17
- 31 vendors released security patches for 771 vulnerabilities, including 122 CVEs with known exploits.
- 275 old vulnerabilities have been patched.
- 40 vulnerabilities that got patched this month are red-flagged by CISA.
- Microsoft fixed 44 vulnerabilities in August.
Weaponized Vulnerabilities
122 of the patched vulnerabilities have known exploits. Here is our analysis:
- 5 CVEs are associated with ransomware strains that include Maze, Clop, and Sodinokibi.
- 5 CVEs are linked to APT 1, APT 10, TA505, FIN11, Carbanak, and Pinchy Spider.
- 9 malware groups (OceanSalt, Auriga, Bangat, BISCUIT, MAPIGET, TARSIP, SEASALT, KURTON, and HELAUTO) are correlated to 5 CVEs.
- 18 CVEs are RCE bugs.
- 19 CVEs have Privilege Escalation capabilities.
- 24 CVEs are linked to Denial of Service attacks.
- 6 CVEs have Cross-Site Scripting possibilities.
- 29 CVEs are rated critical and 53 are high severity.
Securin Alerts
The vulnerabilities CVE-2020-1472, CVE-2021-34527, CVE-2020-0549, CVE-2020-2555, CVE-2020-13935, and CVE-2020-9484, which were patched earlier this month, have been called out in our Cyber Risk Series. We strongly recommend applying the recent security updates for all these vulnerabilities as a high priority.
Old Vulnerabilities
10 vendors have fixed 275 old vulnerabilities, dating from 2002 to 2020.
- 5 CVEs are associated with ransomware strains that include Maze, Clop, and Sodinokibi.
- 5 CVEs are linked to APT 1, APT 10, TA505, FIN11, Carbanak, and Pinchy Spider.
- 9 malware groups (OceanSalt, Auriga, Bangat, BISCUIT, MAPIGET, TARSIP, SEASALT, KURTON, and HELAUTO) are correlated to 5 CVEs.
- 15 CVEs are featured by CISA.
- Of these, 51 CVEs have known exploits.
- 6 CVEs with Privilege Escalation.
- 5 CVEs are Remote Code Execution bugs.
- 38 CVEs are rated critical and 126 are of high severity.
Microsoft August Patches 2021
Microsoft plugged 44 vulnerabilities, including 3 zero-days. Of these 44 CVEs, CVE-2021-36942 (PetitPotam) in Windows Update Medic Service with Elevation of Privilege have PoC released in public forums and remain vulnerable to active exploitation. We recommend that Microsoft users address the NTLM problem as a top priority.
CISA Alerts
CISA has issued alerts for 40 vulnerabilities, including 1 publicly known exploit.
- 3 CVEs are associated with LockFile, Magniber and ViceSociety Ransomware.
- CVEs are classified as Remote Code Execution bugs.
- 1 CVE with Privilege Escalation.
- 9 CVEs are rated critical and 7 are of high severity.
Table: August Security Patches 2021
With ransoms being paid out on a regular basis, hackers have recognized how lucrative these attacks can be. We discovered that ransomware, malware, or APT associations exist in 24 percent of all fixed vulnerabilities, with the number of organizations targeted by threat groups rising rapidly. Therefore, it is advised to have a robust cybersecurity program in place, with security patches being applied aggressively on a daily basis, to be able to stave off an attack.