{"id":8801,"date":"2020-10-01T13:52:30","date_gmt":"2020-10-01T20:52:30","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8801"},"modified":"2023-03-03T14:18:41","modified_gmt":"2023-03-03T21:18:41","slug":"sep-23-security-updates-patch-highlights","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/sep-23-security-updates-patch-highlights\/","title":{"rendered":"Sep 23: CSW Patch Watch & Security Updates"},"content":{"rendered":"

CSW Patch Watch<\/strong><\/span><\/span><\/p>\n

Last week, Apple, CISCO, Google, Linux, and many other popular vendors released advisories for 105 vulnerabilities.\u00a0<\/strong><\/span><\/span><\/p><\/blockquote>\n

Here is our analysis about these vulnerabilities –<\/span><\/span><\/p>\n

    \n
  1. From among 105 vulnerabilities that were in focus this week, there were –<\/strong><\/span><\/span>\n
      \n
    1. 38<\/strong> Hotfixes<\/span><\/span><\/li>\n
    2. 2<\/strong> Patches<\/span><\/span><\/li>\n
    3. 65<\/strong> updates\u00a0<\/span><\/span><\/li>\n<\/ol>\n<\/li>\n
    4. We delved further and analyzed these\u00a0vulnerabilities and here are our findings –<\/strong><\/span><\/span>\n
        \n
      1. 37<\/strong> vulnerabilities have known exploits and are weaponized<\/span><\/span><\/li>\n
      2. 68<\/strong> vulnerabilities are yet to be weaponized<\/span><\/span><\/li>\n<\/ol>\n<\/li>\n
      3. Among these 37 weaponized vulnerabilites we found –<\/strong><\/span><\/span>\n
          \n
        1. 6<\/strong> CVEs have RCE capabilities\u00a0enabling the attacker to execute arbitrary code<\/span><\/span>\n
            \n
          1. CVE-2020-15962<\/a> (Google)<\/span><\/span><\/li>\n
          2. CVE-2018-1000861 – 1<\/a>, 2<\/a>, 3<\/a> (Checkpoint)<\/span><\/span><\/li>\n
          3. CVE-2015-2419<\/a> (Checkpoint)<\/span><\/span><\/li>\n
          4. CVE-2020-16875<\/a>\u00a0(Checkpoint)<\/span><\/span><\/li>\n
          5. CVE-2020-10673 – 1<\/a>, 2<\/a> (RedHat)<\/span><\/span><\/li>\n
          6. CVE-2020-11113<\/a> (RedHat)<\/span><\/span><\/li>\n<\/ol>\n<\/li>\n
          7. Two CVEs are associated with ransomware<\/strong><\/span><\/span>\n
              \n
            1. Checkpoint\u2019s CVE-2015-2419<\/a> (TeslaCrypt Ransomware)<\/span><\/span><\/li>\n
            2. Checkpoint’s CVE-2020-16875<\/a> (Zeppelin Ransomware)\u00a0<\/span><\/span><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n
            3. We also found that an alert had been issued for one of the vulnerabilities by CISA –<\/strong><\/span><\/span>\n
                \n
              1. CVE-2020-1472<\/a>\u00a0– a\u00a0design weakness in the Netlogon Remote Protocol login process\u00a0\u00a0<\/span><\/span><\/li>\n<\/ol>\n<\/li>\n
              2. We also found\u00a0that 35 old\u00a0vulnerabilities (out of 105) ranging from years 2015 to 2019 –<\/strong><\/span><\/span>\n
                  \n
                1. One<\/strong> old vulnerability is associated with ransomware –<\/span><\/span>\n