Highlights of Patch Watch Issue 8
-
19 vendors including Apple, Cisco, Adobe, Chrome, Mozilla, IBM, Microsoft, Checkpoint, RedHat, and others, have released patches and updates for 317 vulnerabilities.
-
Microsoft has released updates for 58 vulnerabilities.
-
14 vulnerabilities are weaponized with known exploits.
-
CISA issued a security alert for 25 vulnerabilities.
-
74 old vulnerabilities are patched.
-
3 CVEs are associated with RYUK, BitPaymer, and CLOP Ransomware.
-
2 CVEs are correlated with Mercury and MuddyWater APT Groups.
-
14 CVEs have publicly known exploits.
-
303 CVEs are yet to be weaponized.
-
Vulnerabilities that had known exploits are associated with Denial of Service and Webapps exploits.
-
22 CVEs are Remote Code Execution bugs.
-
Of these, 9 CVEs are critical, 46 are high, and 3 are rated medium.
These RCE bugs are advised to be prioritized for fixes as they are easily exploitable without user interaction.
Table 1: Microsoft Patches
-
Out of these, 3 CVEs are rated critical, 2 are high, and 7 are medium severity.
-
3 CVEs are associated with Denial of Service
-
11 CVEs are linked with Web App exploits.
Table 2: Weaponized Vulnerabilities
-
3 CVEs are rated high and 12 are of medium.
Table 3: CISA Alerts
Prioritizing the vulnerability using risk-based analysis improves the cybersecurity posture. Therefore, it is important to fix these vulnerabilities first.
-
CVE-2019-8720 and CVE-2019-8625 are associated with the BitPaymer ransomware.2 CVEs are critical, 11 are high and 65 are rated medium.
-
Of these, 7 CVEs are weaponized.
Table 4: Old Vulnerabilities
According to the 2020 survey, 16 billion records have been exposed in the dark web. Cybercriminals are constantly discovering enticing targets to deploy major data hacks. Therefore, it is essential to protect your sensitive data by strengthening your attack surface.
Table 5: Vulnerabilities yet to be Weaponized