
DHS CISA KEVs Weekly Edition 8: Patch Before you Hit the Deadline

Posted on Jun 24, 2022 | By Supriya Aluri

This is the 8th edition of our patch watch blog series, which we publish so that you know which vulnerabilities need to be patched each week. These are recommended by the US Cybersecurity and Infrastructure Security Agency (CISA), and this week (June 20 to June 26, 2022), 36 vulnerabilities need to be patched.

Federal agencies are required to meet this deadline and ensure that the patches are deployed and their systems are protected against malicious attacks.

We analysed the CISA Known Exploited Vulnerabilities (KEVs) and found the following:


 

How Far Back Do They Go?

Of the 36 KEVs, 35 CVEs are old vulnerabilities dating from 2006 to 2021, with a patch deadline of June 22, 2022.

Which Vendors Are Affected?

CVEs with a patch deadline of June 22, 2022 are associated with 7 prominent vendors such as Google, Microsoft, Cisco, etc. Here’s the entire list of vendors:

Severity Scores

All the vulnerabilities lie in either the high or critical range and need to be patched without delay.

Software Weaknesses

The following CWEs are associated with a number of vulnerabilities that need to be patched this week.

Table: DHS CISA KEVs

 

This week, patches are recommended for very critical vulnerabilities, and based on our analysis, they are present in products from major vendors such as Google, Microsoft, etc. Since these products are widely used, the systems are under imminent attack. Therefore, it is essential that public and private organizations dedicate resources to identify and patch these vulnerabilities as soon as possible.
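One way to reproduce this kind of weekly triage from the KEV catalog's JSON feed, as an added example (not code from this blog or its authors): it selects entries whose `dueDate` falls in a given week and counts them by deadline, vendor and CVE year. The sample feed, vendor names and CVE IDs are constructed placeholders; the field names assume the layout of CISA's published JSON catalog.

```python
import json
from collections import Counter
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (field names are
# assumed from the published catalog; every entry is a made-up placeholder).
SAMPLE_FEED = json.loads("""
{"vulnerabilities": [
 {"cveID": "CVE-2006-EXAMPLE1", "vendorProject": "VendorA", "product": "Browser", "dueDate": "2022-06-22"},
 {"cveID": "CVE-2019-EXAMPLE2", "vendorProject": "VendorB", "product": "Router OS", "dueDate": "2022-06-22"},
 {"cveID": "CVE-2021-EXAMPLE3", "vendorProject": "VendorA", "product": "Browser", "dueDate": "2022-06-22"},
 {"cveID": "CVE-2022-EXAMPLE4", "vendorProject": "VendorC", "product": "Mail Server", "dueDate": "2022-06-23"},
 {"cveID": "CVE-2020-EXAMPLE5", "vendorProject": "VendorB", "product": "VPN", "dueDate": "2022-07-01"},
 {"cveID": "CVE-2018-EXAMPLE6", "vendorProject": "VendorC", "product": "CMS", "dueDate": "not-a-date"}
]}
""")

def cve_year(cve_id):
    """Year component of a CVE ID ('CVE-2019-...' -> 2019)."""
    return int(cve_id.split("-")[1])

def due_in_window(feed, start, end):
    """Return (entries due in [start, end], IDs skipped for a bad dueDate)."""
    due, skipped = [], []
    for v in feed.get("vulnerabilities", []):
        try:
            d = date.fromisoformat(v["dueDate"])
        except (KeyError, ValueError):
            skipped.append(v.get("cveID", "<unknown>"))  # surface, don't hide
            continue
        if start <= d <= end:
            due.append(v)
    return due, skipped

def summarize(due):
    """Counts by deadline and vendor, plus the span of CVE years."""
    years = [cve_year(v["cveID"]) for v in due]
    return {
        "total": len(due),
        "by_due_date": dict(Counter(v["dueDate"] for v in due)),
        "by_vendor": dict(Counter(v["vendorProject"] for v in due)),
        "oldest_year": min(years) if years else None,
        "newest_year": max(years) if years else None,
    }

if __name__ == "__main__":
    due, skipped = due_in_window(SAMPLE_FEED, date(2022, 6, 20), date(2022, 6, 26))
    print(json.dumps(summarize(due), indent=2))
    print("skipped (unparseable dueDate):", skipped)
```

Entries with a missing or malformed `dueDate` are reported separately rather than dropped silently, so a feed format change does not quietly shrink the patch list.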

To know more about our analysis of the CISA Known Exploited Vulnerabilities catalog and the vulnerabilities to be patched in June, click here.

Subscribe to our blogs and let us decode the CISA KEV for you.
