Dec 23: Patch Watch & Security Updates

Highlights of Patch Watch Issue 9

  • 12 vendors, including Apple, Cisco, Citrix, Adobe, Mozilla, QNAP, HP, Check Point, Red Hat, and others, have released security updates for 367 vulnerabilities

  • CISA has issued a security alert for 14 vulnerabilities

  • 30 CVEs have known exploits

  • 101 old vulnerabilities have been patched

  1. Here is our analysis of 367 vulnerabilities that were patched.

  • 30 CVEs have publicly known exploits

  • 337 are yet to be weaponized

  2. 30 vulnerabilities are weaponized.

  • CISA has issued warning alerts for 3 vulnerabilities

  • 2 CVEs with Remote Code Execution

  • 1 CVE with Privilege Escalation and local exploit

  • 19 CVEs are associated with Web App exploits

  • 6 CVEs are linked with Denial of Service

  • 14 CVEs are rated high and 15 CVEs are of medium severity

  3. Patches have been released for 101 old vulnerabilities dating from 2015 to 2019.

  • 11 CVEs have known exploits

  • 4 CVEs have been issued an alert by CISA

  • Of these, 12 CVEs are critical, 8 are high, and 76 are of medium severity

Ransomware detections have been more prevalent in countries with larger internet-connected populations. The United States ranks highest, with 18.2% of all ransomware attacks. It is therefore essential to fix old vulnerabilities as early as possible, because leaving them unpatched opens the door to a high rate of ransomware attacks.

  4. CISA has issued an alert for 14 vulnerabilities. Of these, 1 CVE is rated critical, 1 high, and 6 medium severity.

Table: Vulnerability Patches 

Hundreds of patches are released each month for many popular products. Prioritizing patches based on dangerous exploits, CISA alerts, and ransomware and APT group associations helps security teams fix first the vulnerabilities that threat actors could potentially use.
