{"id":8731,"date":"2021-01-13T10:47:02","date_gmt":"2021-01-13T17:47:02","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&#038;p=8731"},"modified":"2023-03-07T16:02:32","modified_gmt":"2023-03-07T23:02:32","slug":"december-2020-patch-watch-digest","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/december-2020-patch-watch-digest\/","title":{"rendered":"December 2020: Patch Watch Digest"},"content":{"rendered":"<h2 dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">Highlights of December Digest<\/span><\/span><\/h2>\n<ul>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">27 vendors have released security updates for 746 vulnerabilities, and among them, 55 are known exploits<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">CISA has issued an alert for 53 vulnerabilities that got patched this month<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">Microsoft plugged 58 security vulnerabilities<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">185 old vulnerabilities have been patched this month<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"width: 800px; height: 376px;\" src=\"\/wp-content\/uploads\/2022\/10\/dec-digest-highlight3.png\" alt=\"\" \/><\/p>\n<ol>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"><a id=\"Findings\" name=\"Findings\"><\/a>We have 56 CVEs that were associated with known exploits. Here is our analysis \u2013<\/span><\/span><\/p>\n<\/li>\n<\/ol>\n<ul>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">4 CVEs have been issued an alert by CISA\u00a0<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">2 CVEs are associated with Remote Code Execution<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">1 CVE with Privilege Escalation<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">10 CVEs are linked with Denial of Service<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">43 CVEs are Webapp exploits.\u00a0<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">4 CVEs are rated critical, 16 with high, and 24 of medium severity<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"><img decoding=\"async\" class=\"aligncenter\" style=\"width: 550px; height: 338px;\" src=\"\/wp-content\/uploads\/2022\/10\/weaponized-vulnerabilities-2.png\" alt=\"\" \/><\/span><\/span><\/p>\n<ol start=\"2\">\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"><a id=\"Old CVEs\" name=\"Old CVEs\"><\/a>185 old vulnerabilities have been patched, ranging from the year 2015 to 2019.<\/span><\/span><\/p>\n<\/li>\n<\/ol>\n<ul>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">2 CVEs are associated with Bitpaymer ransomware.<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">15 CVEs have been alerted by CISA<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">19 CVEs are public exploits<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">15 CVEs are critical, 21 are high, and 135 of medium severity<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\"><img decoding=\"async\" class=\"aligncenter\" style=\"width: 600px; height: 399px;\" src=\"\/wp-content\/uploads\/2022\/10\/old-vulnerabilities1.png\" alt=\"\" \/><\/p>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">In the first 9 months of 2020 alone, organizations and individuals estimated losses of about $6 trillion due to cyber thefts, with organizations deploying the highest level of security also falling susceptible to cyber-attacks. Therefore, organizations are recommended to have a robust cybersecurity policy.<\/span><\/span><\/p>\n<ol start=\"3\">\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"><a id=\"Microsoft Patches\" name=\"Microsoft Patches\"><\/a>Microsoft has released 58 security patches for December.<\/span><\/span><\/p>\n<\/li>\n<\/ol>\n<ul>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">1 CVE is associated with Mercury and Muddy water APT group<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">1 CVE with Clop and Ryuk ransomware<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">22 CVEs are Remote Code Execution bugs<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">Of these, 9 CVEs are critical, 46 are high, and 3 are rated medium<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<ol start=\"4\">\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"><a id=\"CISA\" name=\"CISA\"><\/a>CISA has issued a security alert for 53 vulnerabilities.<\/span><\/span><\/p>\n<\/li>\n<\/ol>\n<ul>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">4 CVEs have known exploits\u00a0<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">2 CVEs are rated critical, 4 CVEs are high, and 18 are medium<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\"><img decoding=\"async\" class=\"aligncenter\" style=\"width: 600px; height: 453px;\" src=\"\/wp-content\/uploads\/2022\/10\/cisalrts1.png\" alt=\"\" \/><\/p>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">2020 had a surge in ransomware attacks, data breaches, spyware, phishing, and cryptocurrency theft. Need for cyber hygiene is critical as cybercriminals will continue to use any and all vulnerabilities to breach and disrupt.<\/span><\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"><a id=\"Table\" name=\"Table\"><\/a><\/span><\/span><\/p>\n<p><iframe class=\"airtable-embed\" style=\"background: transparent; border: 1px solid #ccc;\" src=\"https:\/\/airtable.com\/embed\/shrhGcBJT1PbmLNUy?backgroundColor=purple&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\"><\/iframe><\/p>\n<p><strong><span style=\"font-size: 14px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">Table: Vulnerability Patches<\/span><\/span><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Highlights of December Digest 27 vendors have released security updates for 746 vulnerabilities, and among them, 55 are known exploits CISA has issued an alert for 53 vulnerabilities that got patched this month Microsoft plugged 58 security vulnerabilities 185 old vulnerabilities have been patched this month We have 56 CVEs that were associated with known [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14443,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"patch_category":[],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch\/8731"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/patch_watch"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/14443"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=8731"}],"wp:term":[{"taxonomy":"patch_category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_category?post=8731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}