Marchhas reported719advisories, replacing February asthe third-highestnumber of advisories since the Secunia Research Team started in 2002.(#1 : July’20, #2: April’20)
Importantconclusionsfrom this month's report are:
March is the 4th monthin a row to show an increase in advisories, zero-days, and threats
Vulnerabilities were reported this month for91vendors,338products, and415Product versions.
More than 60%of all advisories (rejected advisories not included) have vulnerabilities that can be attacked from Remote. From remote describes vulnerabilities where the attack vector does not require access to the system nor a local network. This category covers services, which are acceptable to expose to the Internet (for example, HTTP, HTTPS, SMTP) as well as client applications used on the Internet and certain vulnerabilities, where it is reasonable to assume that a security-conscious user can be tricked into performing certain actions.
The Secunia Research Team reportednoExtremelycritical advisories this month (5 last month)
7Zero-DayAdvisories reported (Apple iOS, Microsoft, Microsoft Windows, Microsoft 365)
MicrosoftPatch Tuesday reported80Vulnerabilities (with98CVE’s), Secunia research teamsummarized these into16Advisories
Over1,468 uniqueCVE’s ( last month :1,233) were covered in the719Advisories.
Threat Intelligence indicates that moreModerately Critical Vulnerabilitiesare targeted by hackers.
More than half of all advisories are disclosed by 3 vendors (SUSE20%,Ubuntu20%,IBM12%)
Cisco and NetAppare contributing to more than50%of all Networking related Advisories.
Last month we reported that74.19%of all Secunia Advisories had aThreat( exploits, malware, ransomware, etc.) associated with them, this month the number has been slightlylowerto71.63%
Using Threat Intelligence is going to help you with prioritizing what needs to bepatchedimmediately.
Software Vulnerability – and Patch Management is becoming more and more important. Due to the ongoing Russia-Ukraine conflict, attacks on critical infrastructures in many countries are increasing.Back in 2019 (just before Covid), patching was recommended within 30 days (or 14 days for a CVSS score of 7 or higher)
Right now, hackers can deploy exploitswithin 1 weekand even within24 hours. This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them)