Nov 23: CSW Patch Watch & Security Updates

Highlights of the Patch Watch Issue 7

  1. Here is our analysis of these 261 vulnerabilities that got patched this week –
  • 33 CVEs have known exploits
  • 228 CVEs are yet to be weaponized
  • 27 CVEs are rated critical, 51 CVEs are of high severity.
  • Vulnerabilities that had known exploits are associated with Denial of Service, Remote Code Execution, Web apps, and others.

  1. Among the 33 weaponized vulnerabilities –
  • 30 CVEs were patched by Check Point
  • 16 CVEs are linked with Web App exploits
  • 13 CVEs have Remote Code Execution flaw
  • 3 CVEs were associated with Denial of Service
  • 1 CVE can be exploited in any form.

82% of vulnerabilities are associated with Web application exploits where attackers can infect computers with malware, stage phishing attacks to grab credentials, and perform actions posing as the user.

Table 1: Weaponized Vulnerabilities

  1. CISA has issued alerts for 32 vulnerabilities and has urged to evaluate cyber-risk on your valuable assets.

Table 2: CISA Alerts

  1. We have 52 old vulnerabilities patched for this week, ranging from 2010 – 2019.
  • Out of 52 CVEs, 6 CVEs are critical, 13 CVEs are ranked high, 28 with medium severity, and 4 of low.

Table 3: Old Vulnerabilities

Prioritization on unpatched old vulnerabilities is important as the risk of having those vulnerabilities exploited by threat actors are higher than ever.

Table 4: Vulnerabilities yet to be Weaponized

Cyber hygiene has become a catchphrase this year and with good reason. Most organizations donโ€™t practice it and therefore fall prey to cyber-attacks. Securing your attack surface is always better than dealing with the aftermath of an incident.

Happy Patching

Team CSW

Share This Post On