Highlights of the Patch Watch Issue 7
- 13 Vendors including Apple, Cisco, Citrix, Chrome, Mozilla, Sonic Wall, Drupal, Checkpoint, RedHat, and others have released patches and updates for 261 vulnerabilities.
- 33 vulnerabilities are weaponized with known exploits.
- CISA issued a warning alert for 32 vulnerabilities.
- 52 Old vulnerabilities are patched this week.
- 33 CVEs have known exploits
- 228 CVEs are yet to be weaponized
- 27 CVEs are rated critical, 51 CVEs are of high severity.
- Vulnerabilities that had known exploits are associated with Denial of Service, Remote Code Execution, Web apps, and others.
- 30 CVEs were patched by Check Point
- 16 CVEs are linked with Web App exploits
- 13 CVEs have Remote Code Execution flaw
- 3 CVEs were associated with Denial of Service
- 1 CVE can be exploited in any form.
82% of vulnerabilities are associated with Web application exploits where attackers can infect computers with malware, stage phishing attacks to grab credentials, and perform actions posing as the user.
Table 1: Weaponized Vulnerabilities
- CISA has issued alerts for 32 vulnerabilities and has urged to evaluate cyber-risk on your valuable assets.
Table 2: CISA Alerts
- Out of 52 CVEs, 6 CVEs are critical, 13 CVEs are ranked high, 28 with medium severity, and 4 of low.
Table 3: Old Vulnerabilities
Prioritization on unpatched old vulnerabilities is important as the risk of having those vulnerabilities exploited by threat actors are higher than ever.
Table 4: Vulnerabilities yet to be Weaponized
Cyber hygiene has become a catchphrase this year and with good reason. Most organizations don’t practice it and therefore fall prey to cyber-attacks. Securing your attack surface is always better than dealing with the aftermath of an incident.