Important conclusions from this month report are:
- A lower count of advisories this month, however with more extreme critical advisories and more zero-day advisories than we have seen before in the last year.
- Advisories for 93 unique vendors , 387 unique products and 472 unique product versions reported this month.
- About half (50%) of all vulnerabilities reported in this month have a “Remote Attack Vector” which is 10% less compared to last month.
- The Secunia Research Team reported 10 Extremely critical advisories this month which is the highest count since September 2021. ( Apple, Microsoft,WebkitGTK,Google)
- 18 Zero-Day Advisories reported (Apple iOS, Microsoft, Microsoft Windows, Microsoft 365)
- Microsoft Patch Tuesday reported 97 Vulnerabilities (with 114 CVE’s), Secunia research team summarized these into 13 Advisories
- Over 1,429 unique CVE’s ( last month : 1,468) were covered in the 666 Advisories.
- Threat Intelligence indicates that more Moderately Critical Vulnerabilities are targeted by hackers.
- More than half of all advisories are disclosed by a regular group of 4 vendors (SUSE 19%, Ubuntu 12%, RedHat 11% and IBM 11%)
- Juniper, Cisco, F5,Netapp, Fortinet are contributing to more than 75 % of all Networking related Advisories.
Last month we reported that 71.63% of all Secunia Advisories had a Threat ( exploits, malware, ransomware , etc.) associated with them, this month the number has been slightly lower to 71.32%
Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.
Software Vulnerability – and Patch Management is becoming more and more important.
Due to the ongoing Russia-Ukraine conflict , attacks on critical infrastructures in many countries are increasing.
Back in 2019 (just before Covid) patching was recommended within 30 days (or 14 days for CVSS score 7 or higher)
Right now , hackers can deploy exploits within 1 week and even within 24 hours . This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them)