
Dec 10: CSW Patch Watch & Security Updates

Posted on 28th Dec, 2020 | By Pavithra Shankar

Highlights of Patch Watch Issue 8

 

  1. Here is our analysis of 317 vulnerabilities that were patched last week.

  • 3 CVEs are associated with RYUK, BitPaymer, and CLOP Ransomware.

  • 2 CVEs are correlated with Mercury and MuddyWater APT Groups.

  • 14 CVEs have publicly known exploits.

  • 303 CVEs are yet to be weaponized.

  • Vulnerabilities that had known exploits are associated with Denial of Service and Webapps exploits.

  2. Microsoft has released a smaller number of patches for December.

  • 22 CVEs are Remote Code Execution bugs.

  • Of these, 9 CVEs are critical, 46 are high, and 3 are rated medium.

We advise prioritizing these RCE bugs for fixes, as they are easily exploitable without user interaction.

Table 1: Microsoft Patches

  3. 14 vulnerabilities are weaponized.

  • Out of these, 3 CVEs are rated critical, 2 are high, and 7 are medium severity.

  • 3 CVEs are associated with Denial of Service.

  • 11 CVEs are linked with Web App exploits.

Table 2: Weaponized Vulnerabilities

  4. CISA has issued security alerts for 25 vulnerabilities.

  • 3 CVEs are rated high and 12 are rated medium.

Table 3: CISA Alerts

Prioritizing vulnerabilities using risk-based analysis improves cybersecurity posture. Therefore, it is important to fix these vulnerabilities first.

  5. 74 old vulnerabilities have been patched, ranging from the year 2015 to 2019.

  • CVE-2019-8720 and CVE-2019-8625 are associated with the BitPaymer ransomware.

  • 2 CVEs are critical, 11 are high, and 65 are rated medium.

  • Of these, 7 CVEs are weaponized.

Table 4: Old Vulnerabilities

According to the 2020 survey, 16 billion records have been exposed on the dark web. Cybercriminals are constantly discovering enticing targets for major data hacks. Therefore, it is essential to protect your sensitive data by hardening your attack surface.

Table 5: Vulnerabilities yet to be Weaponized
