{"id":8736,"date":"2021-01-08T11:00:20","date_gmt":"2021-01-08T18:00:20","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&#038;p=8736"},"modified":"2023-03-07T16:00:04","modified_gmt":"2023-03-07T23:00:04","slug":"dec-23-patch-watch-security-updates","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/dec-23-patch-watch-security-updates\/","title":{"rendered":"Dec 23: Patch Watch &#038; Security Updates"},"content":{"rendered":"<h2 dir=\"ltr\"><span style=\"font-size: 18px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">Highlights of Patch Watch Issue 9<\/span><\/span><\/h2>\n<ul>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">12 vendors including<\/span><\/span><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"> A<\/span><\/span><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">pple,<\/span><\/span><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"> Cisco, Citrix, Adobe, Mozilla, Qnap, HP, Checkpoint, RedHat, and others, have released security updates for 367 vulnerabilities<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">CISA has issued a security alert for 14 vulnerabilities<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">30 CVEs have known exploits<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">101 old vulnerabilities have been patched<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"width: 800px; height: 449px;\" src=\"\/wp-content\/uploads\/2022\/10\/patchwatch-highlights9-2.png\" alt=\"\" \/><\/p>\n<ol>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"><a id=\"Findings\" name=\"Findings\"><\/a>Here is our analysis of <strong>367 vulnerabilities <\/strong>that were patched.<\/span><\/span><\/p>\n<\/li>\n<\/ol>\n<ul style=\"margin-left: 40px;\">\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">30 CVEs have publicly known exploits<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">337 are yet to be weaponized<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"><img decoding=\"async\" class=\"aligncenter\" style=\"width: 550px; height: 338px;\" src=\"\/wp-content\/uploads\/2022\/10\/weaponized-vulnerabilities-9.png\" alt=\"\" \/><\/span><\/span><\/p>\n<ol start=\"2\">\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"><strong><a id=\"Known exploits\" name=\"Known exploits\"><\/a>30 vulnerabilities<\/strong> are weaponized.<\/span><\/span><\/p>\n<\/li>\n<\/ol>\n<ul style=\"margin-left: 40px;\">\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">CISA has issued warning alerts for 3 vulnerabilities<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">2 CVEs with Remote Code Execution<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">1 CVE with Privilege Escalation and local exploit<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">19 CVEs are associated with Web App exploits<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">6 CVEs are linked with Denial of Service<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">14 CVEs are rated high and 15 CVEs\u00a0of medium severity<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"><img decoding=\"async\" class=\"aligncenter\" style=\"width: 550px; height: 424px;\" src=\"\/wp-content\/uploads\/2022\/10\/severity-of-weaponized-vulnerabilities.png\" alt=\"\" \/><\/span><\/span><\/p>\n<ol start=\"3\">\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"><strong><a id=\"Old CVEs\" name=\"Old CVEs\"><\/a>101 old vulnerabilities<\/strong> have been released patches ranging from <strong>2015 to 2019.<\/strong><\/span><\/span><\/p>\n<\/li>\n<\/ol>\n<ul style=\"margin-left: 40px;\">\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">11 CVEs have known exploits<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">4 CVEs have been issued an alert by CISA<\/span><\/span><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">Of these, 12 CVEs are critical, 8 are high, and 76 of medium severity<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"><img decoding=\"async\" class=\"aligncenter\" style=\"width: 600px; height: 463px;\" src=\"\/wp-content\/uploads\/2022\/10\/patchwatch-highlights9.png\" alt=\"\" \/><\/span><\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">Ransomware detections have been more dominant in countries with higher numbers of internet-connected populations. The United States ranks highest, with 18.2% of all ransomware attacks. Therefore, it is essential to fix the old vulnerabilities at the earliest as it opens doors to a high rate of ransomware attacks.<\/span><\/span><\/p>\n<ol start=\"4\">\n<li dir=\"ltr\">\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"><strong><a id=\"CISA\" name=\"CISA\"><\/a>CISA<\/strong> has issued an alert for <strong>14 vulnerabilities<\/strong>. Out of these, <strong>1 CVE<\/strong> is rated <strong>critical<\/strong>, 1 with high and 6 of medium severity.\u00a0<\/span><\/span><\/p>\n<\/li>\n<\/ol>\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"><img decoding=\"async\" class=\"aligncenter\" style=\"width: 600px; height: 463px;\" src=\"\/wp-content\/uploads\/2022\/10\/cisa-alerts-5.png\" alt=\"\" \/><\/span><\/span><\/p>\n<p><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"><iframe class=\"airtable-embed\" style=\"background: transparent; border: 1px solid #ccc;\" src=\"https:\/\/airtable.com\/embed\/shriHe1a5PNvDToDQ?backgroundColor=purple&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\"><\/iframe><\/span><\/span><\/p>\n<p dir=\"ltr\" role=\"presentation\"><span style=\"font-size: 14px;\"><span style=\"font-family: verdana,geneva,sans-serif;\"><strong>Table: Vulnerability\u00a0Patches\u00a0<\/strong><\/span><\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-size: 16px;\"><span style=\"font-family: verdana,geneva,sans-serif;\">Hundreds of patches are released each month for many popular products. Prioritizing the patches based on dangerous exploits, CISA alerts, ransomware &amp; APT group associations will help Security teams fix vulnerabilities that could be potentially used by threat actors.<\/span><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Highlights of Patch Watch Issue 9 12 vendors including Apple, Cisco, Citrix, Adobe, Mozilla, Qnap, HP, Checkpoint, RedHat, and others, have released security updates for 367 vulnerabilities CISA has issued a security alert for 14 vulnerabilities 30 CVEs have known exploits 101 old vulnerabilities have been patched Here is our analysis of 367 vulnerabilities that [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14453,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"patch_category":[],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch\/8736"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/patch_watch"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/14453"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=8736"}],"wp:term":[{"taxonomy":"patch_category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_category?post=8736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}