{"id":8610,"date":"2021-08-13T05:05:29","date_gmt":"2021-08-13T12:05:29","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&#038;p=8610"},"modified":"2023-03-03T14:29:07","modified_gmt":"2023-03-03T21:29:07","slug":"july-2021-patch-watch-digest","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/july-2021-patch-watch-digest\/","title":{"rendered":"July 2021: Patch Watch Digest"},"content":{"rendered":"<h2 dir=\"ltr\"><strong><img decoding=\"async\" style=\"width: 800px; height: 380px;\" src=\"\/wp-content\/uploads\/2015\/11\/pw-1-1-1.png\" alt=\"\" \/><\/strong><\/h2>\n<h2 dir=\"ltr\"><strong>Highlights of July Digest<\/strong><\/h2>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"#Weaponized Vulnerabilities\">38 vendors released security patches for 1877 vulnerabilities, including 231 CVEs with known exploits.<\/a><\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"#CISA Alerts\">110 vulnerabilities that got patched in July were red-flagged by CISA.<\/a><\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"#Old CVEs\">813 old vulnerabilities have been patched.<\/a><\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"#Microsoft CVEs\">Microsoft fixed 117 bugs, including 9 zero days.<\/a><\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"#Oracle CVEs\">Oracle rolled out 342 security patches in July.<\/a><\/p>\n<\/li>\n<\/ul>\n<h2 dir=\"ltr\"><a id=\"Weaponized Vulnerabilities\" name=\"Weaponized Vulnerabilities\"><\/a><strong>Weaponized Vulnerabilities<\/strong><\/h2>\n<p dir=\"ltr\">We have 231 vulnerabilities that are known exploits. Here is our analysis \u2013<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">4 CVEs are associated with Maze Ransomware, APT 1, and 9 Malwares (OceanSalt, Auriga, Bangat, BISCUIT, MAPIGET, TARSIP, SEASALT,\u00a0 KURTON, and\u00a0 HELAUTO).<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">40 CVEs are classified as Remote Code Execution.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">28 CVEs have Privilege Escalation capabilities.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">40 CVEs with Buffer Overflow.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">36 CVEs are linked to Denial of Service.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">87 CVEs fall into other categories.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">Of these 231 CVEs, seven are alerted by CISA.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">29 CVEs are rated critical and 73 are of high severity.<\/p>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" style=\"width: 550px; height: 338px;\" src=\"\/wp-content\/uploads\/2015\/11\/patch-watch-2-9.png\" alt=\"\" \/><\/p>\n<h2 dir=\"ltr\"><strong><a id=\"Old CVEs\" name=\"Old CVEs\"><\/a>Old Vulnerabilities<\/strong><\/h2>\n<p dir=\"ltr\">Security updates for 813 old vulnerabilities (ranging from 2008 to 2020) have been released.<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">7 CVEs are associated with Maze Ransomware, APT 1, and 9 Malwares (OceanSalt, Auriga, Bangat, BISCUIT, MAPIGET, TARSIP, SEASALT,\u00a0 KURTON, and\u00a0 HELAUTO).<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">156 CVEs have publicly known exploit code.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">18 CVEs are Remote Code Execution bugs.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">18 CVEs are classified as Privilege Escalation.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">35 CVEs have been alerted by CISA.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">115 CVEs are rated critical and 309 are of high severity.<\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\"><img decoding=\"async\" style=\"width: 550px; height: 390px;\" src=\"\/wp-content\/uploads\/2015\/11\/pw-6.png\" alt=\"\" \/><\/p>\n<h2 dir=\"ltr\"><a id=\"CISA Alerts\" name=\"CISA Alerts\"><\/a><strong>CISA Alerts<\/strong><\/h2>\n<p>CISA has issued alerts for 110 vulnerabilities, including 14 publicly known exploits.<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">2 CVEs are associated with Maze Ransomware, APT 1, and 9 Malwares (OceanSalt, Auriga, Bangat, BISCUIT, MAPIGET, TARSIP, SEASALT,\u00a0 KURTON, and\u00a0 HELAUTO).<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">4 CVEs are classified as Remote Code Execution bugs.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">3 CVEs with Privilege Escalation.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">14 CVEs are rated critical and 80 are of high severity.<\/p>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" style=\"width: 550px; height: 441px;\" src=\"\/wp-content\/uploads\/2015\/11\/patch-watch-3-4.png\" alt=\"\" \/><\/p>\n<h2 dir=\"ltr\"><a id=\"Oracle CVEs\" name=\"Oracle CVEs\"><\/a><strong>Oracle July Critical Patch Update 2021<\/strong><\/h2>\n<p>Oracle plugged 342 security vulnerabilities in July.<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">57 CVEs have publicly known exploits.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">49 CVEs are rated critical.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">16 CVEs have been alerted by CISA.<\/p>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" style=\"width: 550px; height: 301px;\" src=\"\/wp-content\/uploads\/2015\/11\/pw-5.png\" alt=\"\" \/><\/p>\n<p dir=\"ltr\"><a href=\"https:\/\/cybersecurityworks.com\/patchwatch\/csw-patch-watch\/july-oracle-patches-342-security-vulnerabilities.html\">Check out our Oracle Critical Patch Update edition here.<\/a><\/p>\n<h2 dir=\"ltr\"><a id=\"Microsoft CVEs\" name=\"Microsoft CVEs\"><\/a><strong>Microsoft July Patches 2021<\/strong><\/h2>\n<p dir=\"ltr\">Microsoft fixed 117 security vulnerabilities, including nine zero-days.<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">43 CVEs classified as RCE bugs.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">1 CVE is alerted by CISA.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">13 are of high severity.<\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\"><img decoding=\"async\" style=\"width: 550px; height: 544px;\" src=\"\/wp-content\/uploads\/2015\/11\/patch-watch-4-4.png\" alt=\"\" \/><\/p>\n<p dir=\"ltr\"><a href=\"https:\/\/cybersecurityworks.com\/patchwatch\/csw-patch-watch\/july-microsoft-patches-117-security-vulnerabilities.html\">Check out our Microsoft patch watch edition here.<\/a><\/p>\n<p dir=\"ltr\">\n<p><iframe class=\"airtable-embed\" style=\"background: transparent; border: 1px solid #ccc;\" src=\"https:\/\/airtable.com\/embed\/shrWepgmpSstLNcAZ?backgroundColor=purple&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\"><\/iframe><\/p>\n<p dir=\"ltr\"><strong>Table: July Security Patches 2021<\/strong><\/p>\n<p dir=\"ltr\">We noticed 32% of the weaponized vulnerabilities discovered in 2021 were patched in July. The rate at which attackers release exploit code is rising all the time. Sometimes, however, the window of opportunity from the time a vulnerability is disclosed publicly to just before an attack hits is too short for patching to be feasible. Therefore, we recommend users to patch all July security vulnerabilities before malicious actor exploits.<\/p>\n<p dir=\"ltr\" style=\"text-align: center;\"><span style=\"font-size: 18px;\"><strong>Does your organization have a patch management program? <a href=\"https:\/\/cybersecurityworks.com\/get-quote.php\">Talk to CSW\u2019s Experts to prioritize the threats that need immediate attention!<\/a><\/strong><\/span><\/p>\n<p dir=\"ltr\" style=\"text-align: center;\">\n","protected":false},"excerpt":{"rendered":"<p>Highlights of July Digest 38 vendors released security patches for 1877 vulnerabilities, including 231 CVEs with known exploits. 110 vulnerabilities that got patched in July were red-flagged by CISA. 813 old vulnerabilities have been patched. Microsoft fixed 117 bugs, including 9 zero days. Oracle rolled out 342 security patches in July. Weaponized Vulnerabilities We have [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14443,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"patch_category":[288],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch\/8610"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/patch_watch"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/14443"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=8610"}],"wp:term":[{"taxonomy":"patch_category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_category?post=8610"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}