This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Monthly Software Vulnerability Insights - November 2023

jbraak
By Level 5 Flexeran
Level 5 Flexeran

Total advisories:  996 (last month: 1,055).

Again, a very busy month, with 996 advisories being reported this month, ranking this month as the second highest number of advisories recorded in a month since 2002.

2022 was already the record-breaking year with the highest number of Secunia Advisories reported,
however 2023 has already exceeded 2022 in November YTD by 33.1%.
2023 is on its way to crush 2022 with an approx. 33%-35% increase!

Important conclusions from this month report are:

  • Almost 54.22% of all vulnerabilities reported in this month have a “Remote Attack Vector” (last month 56.87%)
  • The Secunia Research Team reported 8 Extremely critical advisories this month. (Last month: 6)
  • Only 7 Zero-Day Advisories reported. (last month :18) for Google Chrome and Microsoft Windows
  • Over 1,708 unique CVE’s (last month: 1,857) were covered in the 996 Advisories.
  • Threat Intelligence indicates again that Moderately Critical Vulnerabilities are targeted by hackers.
  • More than half of all advisories are disclosed by these 5 usual suspect vendors (Suse, Oracle, Amazon, RedHat and Ubuntu)
  • Interestingly among these vendors are also the ones with the most rejected advisories:
    • RedHat:   40 out of 142 advisories were rejected by the Secunia Research Team.
    • Amazon: 20 out of 142
    • Ubuntu:   16 out of 142
    • SUSE:       13 out of 142
  • Cisco contributed to more than 58% of all Networking related Advisories this month.

Last month we reported that 73.36% of all Secunia Advisories had a Threat (exploits, malware, ransomware, etc.) associated with them, this month the number has been a little lower to 72.99%

Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.

Software Vulnerability – and Patch Management is becoming more and more important.
Due to the ongoing global threats, attacks on critical infrastructures in many countries are increasing.
Back in 2019 (just before Covid) patching was recommended within 30 days (or 14 days for CVSS score 7 or higher)
Right now, hackers can deploy exploits within 1 week and even within 24 hours. This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them)

‎Dec 02, 2023 09:10 AM
Preview file
1126 KB