Advisories for 90 unique vendors, 324 unique products and 409 unique product versions reported this month.
Almost 52.19% of all vulnerabilities reported in this month have a “Remote Attack Vector” (last month 58%)
The Secunia Research Team reported 8Extremely critical advisories this month. (Last month: 5)
8Zero-Day Advisories reported (last month: 10)
Microsoft Patch Tuesday reported 79 CVE’s, Secunia research team summarized these into 17 Advisories including 1 rejection advisory.
Over 1,741 unique CVE’s (last month: 2,105) were covered in the 732 Advisories.
Threat Intelligence indicates again that more Moderately Critical Vulnerabilities are targeted by hackers.
More than half of all advisories are disclosed by 4 vendors (SUSE 19.24%, Red Hat 14.8%, IBM 12.5% and Amazon.com 12.34% )
Interestingly some these vendors are also the ones with the most rejected advisories:
Amazon: 25 out of 75 advisories were rejected by the Secunia Research Team
SUSE: 24 out of 117 advisories were rejected.
NetApp and Cisco are contributing to exactly 50% of all Networking related Advisories this month.
Last month we reported that 74.18% of all Secunia Advisories had a Threat (exploits, malware, ransomware, etc.) associated with them, this month the number has been higher to 77.46%
Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.
Software Vulnerability – and Patch Management is becoming more and more important. Due to the ongoing global threats, attacks on critical infrastructures in many countries are increasing. Back in 2019 (just before Covid) patching was recommended within 30 days (or 14 days for CVSS score 7 or higher) Right now, hackers can deploy exploits within 1 week and even within 24 hours . This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them)