cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jbraak
By Level 5 Flexeran
Level 5 Flexeran

Important conclusions from this month report are:

  • A lower count of advisories this month, however with more extreme critical advisories and more zero-day advisories than we have seen before in the last year.
  • Advisories for 93 unique vendors , 387 unique products and 472 unique product versions reported this month.
  • About half (50%) of all vulnerabilities reported in this month have a “Remote Attack Vector” which is 10% less compared to last month.
  • The Secunia Research Team reported 10 Extremely critical advisories this month which is the highest count since September 2021. ( Apple, Microsoft,WebkitGTK,Google)
  • 18 Zero-Day Advisories reported (Apple iOS, Microsoft, Microsoft Windows, Microsoft 365)
  • Microsoft Patch Tuesday reported 97 Vulnerabilities (with 114 CVE’s),  Secunia research team summarized these into 13 Advisories
  • Over 1,429 unique CVE’s ( last month : 1,468) were covered in the 666 Advisories.
  • Threat Intelligence indicates that more Moderately Critical Vulnerabilities are targeted by hackers.
  • More than half of all advisories are disclosed by  a regular group of 4 vendors (SUSE 19%, Ubuntu 12%, RedHat 11% and IBM 11%)
  • Juniper, Cisco, F5,Netapp, Fortinet are contributing to more than 75 % of all Networking related Advisories.

Last month we reported that 71.63% of all Secunia Advisories had a Threat ( exploits, malware, ransomware , etc.) associated with them, this month the number has been slightly lower to 71.32%

Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.

Software Vulnerability – and Patch Management is becoming more and more important.
Due to the ongoing Russia-Ukraine conflict , attacks on critical infrastructures in many countries are increasing.
Back in 2019 (just before Covid) patching was recommended within 30 days (or 14 days for CVSS score 7 or higher)
Right now , hackers can deploy exploits within 1 week and even within 24 hours . This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them)