Dec 10: Patch Watch & Security Updates

Highlights of Patch Watch Issue 8

  • 19 vendors including Apple, Cisco, Adobe, Chrome, Mozilla, IBM, Microsoft, Checkpoint, RedHat, and others, have released patches and updates for 317 vulnerabilities.

  • Microsoft has released updates for 58 vulnerabilities.

  • 14 vulnerabilities are weaponized with known exploits.

  • CISA issued a security alert for 25 vulnerabilities.

  • 74 old vulnerabilities are patched.

  1. Here is our analysis of 317 vulnerabilities that were patched last week.

  • 3 CVEs are associated with RYUK, BitPaymer, and CLOP Ransomware.

  • 2 CVEs are correlated with Mercury and MuddyWater APT Groups.

  • 14 CVEs have publicly known exploits.

  • 303 CVEs are yet to be weaponized.

  • Vulnerabilities that had known exploits are associated with  Denial of Service and Webapps exploits.

  1. Microsoft has released a smaller number of patches for December.

  • 22 CVEs are Remote Code Execution bugs.

  • Of these, 9 CVEs are critical, 46 are high, and 3 are rated medium.

These RCE bugs are advised to be prioritized for fixes as they are easily exploitable without user interaction.

Table 1: Microsoft Patches

  1. 14 vulnerabilities are weaponized.

  • Out of these, 3 CVEs are rated critical, 2 are high, and 7 are medium severity.

  • 3 CVEs are associated with Denial of Service

  • 11 CVEs are linked with Web App exploits.

Table 2: Weaponized Vulnerabilities

  1. CISA has issued security alerts for 25 vulnerabilities.

  • 3 CVEs are rated high and 12 are of medium. 

Table 3: CISA Alerts

Prioritizing the vulnerability using risk-based analysis improves the cybersecurity posture. Therefore, it is important to fix these vulnerabilities first.

  1. 74 old vulnerabilities have been patched, ranging from the year 2015 to 2019.

  • CVE-2019-8720 and CVE-2019-8625 are associated with the BitPaymer ransomware.2 CVEs are critical, 11 are high and 65 are rated medium. 

  • Of these, 7 CVEs are weaponized.

Table 4: Old Vulnerabilities

According to the 2020 survey, 16 billion records have been exposed in the dark web.  Cybercriminals are constantly discovering enticing targets to deploy major data hacks. Therefore, it is essential to protect your sensitive data by strengthening your attack surface. 

Table 5: Vulnerabilities yet to be Weaponized

Share This Post On