{"id":8442,"date":"2021-06-18T13:17:10","date_gmt":"2021-06-18T20:17:10","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&#038;p=8442"},"modified":"2023-03-03T14:26:57","modified_gmt":"2023-03-03T21:26:57","slug":"may-2021-patch-watch-digest","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/may-2021-patch-watch-digest\/","title":{"rendered":"May 2021: Patch Watch Digest"},"content":{"rendered":"<h2 dir=\"ltr\"><img decoding=\"async\" style=\"width: 800px; height: 491px;\" src=\"\/wp-content\/uploads\/2022\/10\/pw-1.png\" alt=\"\" \/><\/h2>\n<h2 dir=\"ltr\"><strong>Highlights of May Digest<\/strong><\/h2>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong><a href=\"#Weaponized Vulnerabilities\">26 vendors released security patches for 811 vulnerabilities, including 150 CVEs with known exploits.<\/a><\/strong><\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong><a href=\"#CISA\">4 vulnerabilities that got patched in May were red-flagged by CISA.<\/a><\/strong><\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong><a href=\"#Old CVEs\">343 Old vulnerabilities have been patched.<\/a><\/strong><\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><strong><a href=\"#Microsoft Patches\">Microsoft fixed 55 bugs, including 3 zero days.<\/a><\/strong><\/p>\n<\/li>\n<\/ul>\n<h2 dir=\"ltr\"><a id=\"Weaponized Vulnerabilities\" name=\"Weaponized Vulnerabilities\"><\/a><strong>Weaponized Vulnerabilities<\/strong><\/h2>\n<p>We have 150 vulnerabilities that are known exploits. Here is our analysis\u00a0 \u2013<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">1 CVE alerted by CISA.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">62 CVEs have RCE capabilities.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">17 CVE with Privilege Escalation capabilities.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">33 CVEs are associated with Denial of Service.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">27 are linked to Webapp exploits.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">19 CVEs are rated critical and 42 are of high severity.<\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\">Interestingly, when we looked at this data for our patchwatch blogs in May, we found that 33 vulnerabilities were weaponized. By the end of the month when we analyzed the data again we see that 150 vulnerabilities now have known exploits. The rate of weaponization rose from 3% to 19% within a month therefore we urge security teams to prioritize these vulnerabilities for patches.<\/p>\n<p dir=\"ltr\"><a href=\"#Airtable\">Click here for our analysis and download patches.<\/a><\/p>\n<p><img decoding=\"async\" style=\"width: 550px; height: 338px;\" src=\"\/wp-content\/uploads\/2022\/10\/pw-2-1.png\" alt=\"\" \/><\/p>\n<h2 dir=\"ltr\"><a id=\"Old CVEs\" name=\"Old CVEs\"><\/a><strong>Old Vulnerabilities Patched in May 2021<\/strong><\/h2>\n<p dir=\"ltr\">Security updates for 346 old vulnerabilities (ranging from 2004 to 2020) have been released.<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">102 CVEs have known exploits.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">38 CVEs are classified as RCE bugs.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">14 CVEs linked with Privilege escalation.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">2 CVEs have been alerted by CISA.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">26 CVE is rated critical and 75 of high severity.<\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\"><img decoding=\"async\" style=\"width: 550px; height: 448px;\" src=\"\/wp-content\/uploads\/2022\/10\/pw-4.png\" alt=\"\" \/><\/p>\n<p dir=\"ltr\"><a href=\"#Airtable\">Click here for our analysis and download patches.<\/a><\/p>\n<h2 dir=\"ltr\"><a id=\"Microsoft Patches\" name=\"Microsoft Patches\"><\/a><strong>Microsoft May Patches 2021<\/strong><\/h2>\n<p dir=\"ltr\">Microsoft issued patches for 55 security vulnerabilities, including three zero-days \u00a0(<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-31207\">CVE-2021-31207<\/a>,\u00a0 <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-31200\">CVE-2021-31200<\/a>,\u00a0 <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-31204\">CVE-2021-31204<\/a>).<\/p>\n<p dir=\"ltr\"><a href=\"https:\/\/cybersecurityworks.com\/patchwatch\/csw-patch-watch\/may-microsoft-patches-55-security-vulnerabilities.html\">Check out our Microsoft patch watch edition here.<\/a><\/p>\n<h2 dir=\"ltr\"><a id=\"CISA\" name=\"CISA\"><\/a><strong>CISA Alerts<\/strong><\/h2>\n<p dir=\"ltr\">CISA has published warning alerts for 4 vulnerabilities (<a href=\"https:\/\/us-cert.cisa.gov\/ics\/advisories\/ICSA-18-088-02\">CVE-2021-1531<\/a>, <a href=\"https:\/\/us-cert.cisa.gov\/ics\/advisories\/ICSA-17-180-02\">CVE-2020-7774<\/a>, <a href=\"https:\/\/us-cert.cisa.gov\/ics\/advisories\/ICSA-11-307-01\">CVE-2020-4033<\/a>, <a href=\"https:\/\/us-cert.cisa.gov\/ics\/advisories\/icsa-19-311-01\">CVE-2021-21101<\/a>) &#8211;<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">1 CVEs has been weaponized with Privilege Escalation capabilities.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">1 CVEs is rated critical, and 2 of high severity.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">The Common Weakness Enumeration (CWE) assigned to these vulnerabilities are CWE-78, CWE &#8211; 79, CWE &#8211; 20, and CWE &#8211; 125. Notably, these all are classified under the <a href=\"https:\/\/cwe.mitre.org\/top25\/archive\/2020\/2020_cwe_top25.html\">2020 CWE Top 10 Most Dangerous Software Weaknesses<\/a>.<\/p>\n<\/li>\n<\/ul>\n<p><a href=\"#Airtable\">Click here for our analysis and download patches.<\/a><\/p>\n<p>&nbsp;<\/p>\n<p><a id=\"Airtable\" name=\"Airtable\"><\/a><iframe class=\"airtable-embed\" style=\"background: transparent; border: 1px solid #ccc;\" src=\"https:\/\/airtable.com\/embed\/shrdEoYkI3zsbI9Lz?backgroundColor=purple&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\"><\/iframe><\/p>\n<p dir=\"ltr\"><strong>Table: May 2021 Security Patches<\/strong><\/p>\n<p dir=\"ltr\">Today, organizations need to adopt a risk-based approach to patch the most critical vulnerabilities based on threat context, ransomware, and APT associations. CSW\u2019s Patch Watch helps organizations prioritize vulnerabilities and improve their security posture and stay safe from attacks and breaches.\u00a0 <a href=\"https:\/\/cybersecurityworks.com\/patchwatch\/\">Get on our mailing list for more information about emerging threats.<\/a><\/p>\n<p dir=\"ltr\" style=\"text-align: center;\"><span style=\"font-size: 20px;\"><strong>Does your organization have a patch management program? <a href=\"https:\/\/cybersecurityworks.com\/get-quote.php\">Talk to CSW\u2019s Experts to prioritize the threats that need immediate attention!<\/a><\/strong><\/span><\/p>\n<p dir=\"ltr\">\n","protected":false},"excerpt":{"rendered":"<p>Highlights of May Digest 26 vendors released security patches for 811 vulnerabilities, including 150 CVEs with known exploits. 4 vulnerabilities that got patched in May were red-flagged by CISA. 343 Old vulnerabilities have been patched. Microsoft fixed 55 bugs, including 3 zero days. Weaponized Vulnerabilities We have 150 vulnerabilities that are known exploits. Here is [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14443,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"patch_category":[288],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch\/8442"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/patch_watch"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/14443"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=8442"}],"wp:term":[{"taxonomy":"patch_category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_category?post=8442"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}