Summary of Monthly Vulnerability Insights:
Total advisories: 544 ↓ (last month: 591).
September reported fewer advisories than August, After 9 consecutive months, September is the first month when vendors did not have to disclose Log4j vulnerability information for one of their products.
Important conclusions from this month's report are:
- The Secunia Research Team reported 3 extremely critical advisories.
- 13 Zero-Day Advisory reported (more than double from last month when 6 zero-day advisories were reported)
mostly Microsoft and Apple and 1 for Google.
- Over 1,686 CVEs ( last month: 1,982) were covered in the 544 Advisories
- Threat Intelligence indicates that more Medium and Highly Critical Vulnerabilities are targeted by hackers.
- More than half of all advisories are disclosed by SUSE, Ubuntu (Canonical), IBM, and RedHat
- This month SUSE was identified as the vendor with the most rejected advisories (25 out of 87 advisories)
And the vendor with the most disclosed Advisories (19.04% of all advisories)
- Cisco is contributing to 63.04% of all Networking related Advisories.
Last month we reported that 68.70% of all Secunia Advisories had a Threat ( exploits, malware, ransomware, etc.) associated with them, this month the number has been significantly lower to 59.74%, with an increase in the lower and medium criticality range.
Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.
Software Vulnerability – and Patch Management is becoming more and more important. Due to the ongoing Russia-Ukraine conflict, attacks on critical infrastructures in many countries are increasing. Back in 2019 (just before Covid) patching was recommended within 30 days (or 14 days for a CVSS score of 7 or higher).
Right now, hackers are able to deploy exploits within 1 week and even within 24 hours. This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them)