Some users may experience issues accessing the case portal. For more information, please click here.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Monthly Vulnerability Insights: November 2022

raslam
Level 7 Flexeran
Level 7 Flexeran
0 0 291

Summary

Total advisories: 689 (last month: 660).

November reported more advisories than October,

Important conclusions from this month's report are:

  • 153 rejected advisories, which is the highest monthly count recorded. Read more about it on p.9
  • The Secunia Research Team reported 8 Extremely critical advisories this month (3 last month)
  • 8 Zero-Day Advisory reported (incl. Microsoft Edge, Google Chrome, and Windows Server)
  • Over 1,620 CVEs ( last month: 1,538) were covered in the 689 Advisories
  • Threat Intelligence indicates that more Medium and Highly Critical Vulnerabilities are targeted by hackers.
  • More than half of all advisories are disclosed by only 3 vendors (Red Hat 23%, SUSE 20%, IBM 10%)
  • This month both Red Hat (33out of 153) and Suse (32 out of 153) were identified as the vendors with the most rejected advisories
  • Cisco is contributing to 55.1% of all Networking related Advisories.

Last month we reported that 69.09% of all Secunia Advisories had a Threat ( exploits, malware, ransomware, etc.) associated with them, this month the number has been lower to 59.22%, with only an increase in the Very Critical (highest) Threat Score Advisories.

Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.

Software Vulnerability – and Patch Management is becoming more and more important. Due to the ongoing Russia-Ukraine conflict, attacks on critical infrastructures in many countries are increasing.Back in 2019 (just before Covid) patching was recommended within 30 days (or 14 days for a CVSS score of 7 or higher)

Right now, hackers are able to deploy exploits within 1 week and even within 24 hours. This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them)

Noticeable information this month:

  • Google Chrome continues to disclose zero-day vulnerabilities with #8 in November and counting
  • Microsoft is warning of an uptick among nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments. (report)
  • VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software (advisory)
  • Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products (Security Bulletin)
  • Log4Shell: Most firms are still exposed to attack, according to Tenable, 72% of organizations are still vulnerable to Log4j as of Oct. 1 (article)

Interesting sources of information: