Highlights of March Digest
Weaponized Vulnerabilities
We have 116 vulnerabilities with known exploits. Here is our analysis โ
-
2 CVEs are associated with DearCry ransomware, 10 APT Groups (Hafnium, Winnti Group, Tick, LuckyMouse, Websiic, Calypso, Tonto Team, Mikroceen, Vicious Panda Group), and 2 malwares (PlugX & ShadowPad Malware).
-
3 CVE has been alerted by CISA.
-
9 CVEs have Privilege Escalation capabilities.
-
13 CVEs are associated with Remote Code Execution.
-
14 CVEs have Denial of Service.
-
8 CVEs are linked to SQL Injection.
-
47 CVEs are rated high.
Click here for our analysis and download patches.
Old Vulnerabilities Patched in March 2021
510 Old vulnerabilities have been issued security updates ranging from the year 2010 to 2020.
-
3 CVEs are linked to BitPaymer and RansomExx ransomware.
-
6 CVEs have been alerted by CISA.
-
4 CVEs have PE capabilities.
-
3 CVEs are RCE bugs.
-
13 CVEs have Denial of Service.
-
103 CVEs are critical and 320 medium severity.
-
Out of 510 Old vulnerabilities, 76 have known exploits.
Click here for our analysis and download patches.
Microsoft March Patches 2021
Microsoft issued patches for 89 security vulnerabilities, including two zero-day.
Check out our Microsoft Patch Watch edition hereย ย
CISA Alerts
24 vulnerabilities have been red-flagged by CISA.
-
3 CVEs have been weaponized with RCE/PE.
-
4 CVEs are associated with DearCry ransomware, 10 APT Groups (Hafnium, Winnti Group, Tick, LuckyMouse, Websiic, Calypso, Tonto Team, Mikroceen, Vicious Panda Group), and 2 malware (PlugX & ShadowPad Malware).
-
9 CVEs are rated high, and 6 of medium severity.
Click here for our analysis and download patches.
Table: March 2021 Security Patches
Threat actors need only one vulnerability to exploit and get into the system. Today, the only way to get around this problem is to apply patches whenever the vendor releases them.
Worried about vulnerability management.ย Talk to us.