{"id":8596,"date":"2021-09-08T04:46:01","date_gmt":"2021-09-08T11:46:01","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8596"},"modified":"2023-03-07T15:25:16","modified_gmt":"2023-03-07T22:25:16","slug":"august-15-patch-watch-security-updates","status":"publish","type":"patch_watch","link":"https:\/\/10.42.32.162\/patch_watch\/august-15-patch-watch-security-updates\/","title":{"rendered":"August 15: Patch Watch & Security Updates"},"content":{"rendered":"
31 vendors released security patches for 771 vulnerabilities, including 122 CVEs with known exploits.<\/p>\n<\/li>\n
275 old vulnerabilities have been patched.<\/p>\n<\/li>\n
40 vulnerabilities that got patched this month are red-flagged by CISA.<\/p>\n<\/li>\n
Microsoft fixed 44 vulnerabilities in August.<\/p>\n<\/li>\n<\/ul>\n
We have 122 vulnerabilities that are known exploits. Here is our analysis \u2013<\/p>\n
5 CVEs are associated with ransomware strains that include Maze, Clop, and Sodinokibi.<\/p>\n<\/li>\n
5 CVEs are linked to APT 1, APT 10,\u00a0 TA505,\u00a0 FIN11, Carbanak, and Pinchy Spider.<\/p>\n<\/li>\n
9 Malware groups (OceanSalt, Auriga, Bangat, BISCUIT, MAPIGET, TARSIP, SEASALT,\u00a0 KURTON, and HELAUTO) are correlated to 5 CVEs.<\/p>\n<\/li>\n
18 CVEs are RCE bugs.<\/p>\n<\/li>\n
19 CVEs have Privilege Escalation capabilities.<\/p>\n<\/li>\n
24 CVEs are linked to Denial of Service attacks.<\/p>\n<\/li>\n
6 CVEs have Cross-Site Scripting possibilities.<\/p>\n<\/li>\n
29 CVEs are rated critical and 53 are high severity.<\/p>\n<\/li>\n<\/ul>\n
\n<\/p>\n
The vulnerabilities CVE-2020-1472<\/a>, CVE-2021-34527<\/a>, CVE-2020-0549<\/a>, CVE-2020-2555,<\/a> CVE-2020-13935<\/a>, and CVE-2020-9484<\/a> that got patched earlier this month have been pointed out in our Cyber Risk Series. \u00a0We strongly recommend applying the recent security updates for all these vulnerabilities on high priority.<\/p>\n 275 Old vulnerabilities have been fixed by 10 vendors, ranging from the year 2002 to 2020.<\/p>\n 5 CVEs are associated with ransomware strains that include Maze, Clop, and Sodinokibi.<\/p>\n<\/li>\n 5 CVEs are linked to APT 1, APT 10,\u00a0 TA505,\u00a0 FIN11, Carbanak, and Pinchy Spider.<\/p>\n<\/li>\n 9 Malware groups (OceanSalt, Auriga, Bangat, BISCUIT, MAPIGET, TARSIP, SEASALT,\u00a0 KURTON, and\u00a0 HELAUTO) are correlated to 5 CVEs.<\/p>\n<\/li>\n 15 CVEs are featured by CISA.<\/p>\n<\/li>\n Of these, 51 CVEs have known exploits.<\/p>\n<\/li>\n 6 CVEs with Privilege Escalation.<\/p>\n<\/li>\n 5 CVEs are Remote Code Execution bugs.<\/p>\n<\/li>\n 38 CVEs are rated critical and 126 are of high severity.<\/p>\n<\/li>\n<\/ul>\n <\/p>\n Microsoft plugged 44 vulnerabilities including 3 zero-days. Of these 44 CVEs, \u00a0CVE-2021-36942<\/a> (PetitPotam)<\/a> in Windows Update Medic Service with Elevation of Privilege have PoC released in public forums and remain vulnerable to active exploitation. We recommend Microsoft users to address the\u00a0 NTLM problem as top priority.<\/p>\n \n CISA has issued alerts for 40 vulnerabilities, including 1 publicly known exploit.<\/p>\n 3 CVEs are associated with LockFile, Magniber and ViceSociety Ransomware.<\/p>\n<\/li>\n CVEs are classified as Remote Code Execution bugs.<\/p>\n<\/li>\n 1 CVEs with Privilege Escalation.<\/p>\n<\/li>\n 9 CVEs are rated critical and 7 are of high severity.<\/p>\n<\/li>\n<\/ul>\n <\/p>\n<\/a>Old Vulnerabilities<\/h2>\n
\n
<\/a>Microsoft August Patches 2021<\/strong><\/h2>\n
<\/a>CISA Alerts<\/h2>\n
\n