Oct 21: CSW Patch Watch & Security Updates
Posted on 16th Nov, 2020 | By Pavithra Shankar
Highlights of Patch Watch Issue 5
272 vulnerabilities are remotely exploitable without authentication.
82 vulnerabilities have critical severity, of which two CVEs have a CVSS V3 score of 10.
65 CVEs have CVSS V3 score between 9.4 and 9.8.
In the quarterly patch bundle, Oracle has released two advisories: the traditional advisory, and a new one that details patches for security gaps in third-party components that are not exploitable as implemented in Oracle products.
7 hotfixes, 417 patches, and 240 updates this week.
641 vulnerabilities are yet to be weaponized.
22 vulnerabilities have known exploits and are weaponized.
Exploited vulnerabilities are associated with Remote Code Evaluation (RCE), web app exploits, DoS/RCE, Privilege Execution, Denial of Service, and local exploits.
Table 1: Old Vulnerabilities
Table 2: CISA Alerts
The following CVEs have been issued security patches and updates for the second time in the same month. Learn more about the previous updates:
Patch Watch Issue 3 CVEs
Patch Watch Issue 4 CVEs
Fixing weaponized vulnerabilities is essential, as these vulnerabilities have many known exploits and can be exploited easily.
Table 3: Weaponized Vulnerabilities
Based on a security survey, 11,121 vulnerabilities were disclosed in the first half of this year, of which Microsoft and Oracle are responsible for 818 vulnerabilities.
Table 4: Vulnerabilities Yet to Be Weaponized
Threat actors this year have consistently gone after old vulnerabilities to deliver ransomware and malware infections, which makes patching essential to cyber hygiene.