{"id":12144,"date":"2022-10-10T05:52:45","date_gmt":"2022-10-10T12:52:45","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&#038;p=12144"},"modified":"2023-02-17T13:31:38","modified_gmt":"2023-02-17T20:31:38","slug":"dhs-cisa-kevs-weekly-edition-20-patch-before-you-hit-the-deadline","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/dhs-cisa-kevs-weekly-edition-20-patch-before-you-hit-the-deadline\/","title":{"rendered":"DHS CISA KEVs Weekly Edition 20: Patch Before You Hit the Deadline"},"content":{"rendered":"<p dir=\"ltr\">This week (Oct 3, 2022 &#8211; Oct 7, 2022), there are 8 vulnerabilities that are recommended to be patched by CISA. These vulnerabilities are especially important as they are found in popular vendor products used for both official and personal purposes.<\/p>\n<p>&nbsp;<\/p>\n<p dir=\"ltr\">We further analyzed these 8 KEVs and found that:<\/p>\n<p><img decoding=\"async\" style=\"width: 750px; height: 410px;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/patch-watch\/cisa\/dhs-20\/patchwatch-1-1.png\" alt=\"\" \/><\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">The vulnerabilities affect 443 products which are actively used in organizations.\u00a0 CVE-2013-6282, a Linux Kernel vulnerability has 187 affected products.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">CVE-2010-2568 is a vulnerability exploited by the Equation APT group. It has existed for more than a decade in 23 products. It also has the highest number of exploits (7) among these CVEs.<\/p>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2 dir=\"ltr\">How Far Back Do They Go?<\/h2>\n<p dir=\"ltr\">A majority of these vulnerabilities (5) are old and will have more exploits among them, making easy targets for hackers.<\/p>\n<h2 dir=\"ltr\"><img decoding=\"async\" style=\"width: 550px; height: 440px;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/patch-watch\/cisa\/dhs-20\/patchwatch-2-1.png\" alt=\"\" \/><\/h2>\n<h2 dir=\"ltr\">Which Vendors Are Affected?<\/h2>\n<p dir=\"ltr\">Linux has the most number of vulnerabilities (3) that need to be patched this week. All these vulnerabilities which need immediate attention, are from 2013.<\/p>\n<p><img decoding=\"async\" style=\"width: 550px; height: 366px;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/patch-watch\/cisa\/dhs-20\/patchwatch-3-1.png\" alt=\"\" \/><\/p>\n<p dir=\"ltr\">Organizations must keep themselves up-to-date with these vendor advisories and upgrade their products as and when new patches are released.<\/p>\n<p>&nbsp;<\/p>\n<h2 dir=\"ltr\">Severity Scores<\/h2>\n<p dir=\"ltr\">Patching these vulnerabilities is of high priority, as they rank high and\/or critical on the CVSS scoring scale. Exploiting such vulnerabilities will allow attackers to cause maximum damage to their victim networks.<\/p>\n<p><img decoding=\"async\" style=\"width: 550px; height: 417px;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/patch-watch\/cisa\/dhs-20\/patchwatch-4-1.png\" alt=\"\" \/><\/p>\n<h2 dir=\"ltr\">Software Weaknesses<\/h2>\n<p dir=\"ltr\">The following CWEs have caused the vulnerabilities that need to be patched this week. From our analysis, some CVEs have more than one software weakness which allows multiple initial access entry points.<\/p>\n<p><img decoding=\"async\" style=\"width: 550px; height: 247px;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/patch-watch\/cisa\/dhs-20\/patchwatch-5-1.png\" alt=\"\" \/><\/p>\n<p dir=\"ltr\">CVE-2022-37969 does not have any CWE associated with it.<\/p>\n<p>&nbsp;<\/p>\n<p><iframe class=\"airtable-embed\" style=\"background: transparent; border: 1px solid #ccc;\" src=\"https:\/\/airtable.com\/embed\/shrZiEl0ntCq8GZmF?backgroundColor=blue&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\"><\/iframe><\/p>\n<p dir=\"ltr\" style=\"text-align: center;\"><strong>Table: DHS CISA KEVs<\/strong><\/p>\n<p dir=\"ltr\">We urge organizations to implement patches for these CVEs at the earliest. With CSW\u2019s threat-based approach and vulnerability intelligence, security teams can prioritize the threats, including all KEVs, and minimize their attack surface.<\/p>\n<p dir=\"ltr\">For the latest news regarding vulnerabilities that are exploited and critical threats, read our blog on <a href=\"https:\/\/cybersecurityworks.com\/blog\/cyber-risk\/csws-threat-intelligence-october-3-2022-october-7-2022.html\">Weekly Threat Intelligence<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This week (Oct 3, 2022 &#8211; Oct 7, 2022), there are 8 vulnerabilities that are recommended to be patched by CISA. These vulnerabilities are especially important as they are found in popular vendor products used for both official and personal purposes. &nbsp; We further analyzed these 8 KEVs and found that: The vulnerabilities affect 443 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14436,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"patch_category":[],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch\/12144"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/patch_watch"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/14436"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=12144"}],"wp:term":[{"taxonomy":"patch_category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_category?post=12144"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}