447 advisories were issued for 67 unique vendors, 286 products, and 344 unique versions, along with 133 rejected advisories.
A zero-day vulnerability in Trend Micro Worry-Free Business Security was reported on March 17th.
Red Hat was the top vendor, with most vulnerabilities in Red Hat Enterprise Linux and Fedora Project.
There were 20 advisories for Microsoft products, which made Microsoft the 6th-ranked vendor.
Linux-based operating systems were once again among the operating systems with the most advisories.
A zero-day vulnerability was reported in Trend Micro Worry-Free Business Security 9.x. The patch for this vulnerability was available on the day of its public disclosure.
An Extremely Critical advisory was issued for Microsoft Windows operating systems. Vulnerabilities in Adobe Type Manager Library can be exploited remotely, which can result in arbitrary code execution.
Update to version 9.5 B1525.
Deploy Microsoft updates for Windows 7, 8.1, 10, and Server 2008, 2012, and 2016.
Key Points
The graph below shows the average criticality per vendor, sorted by the number of advisories, with 5 being the highest criticality.
Secunia Research at Flexera categorizes the severity of vulnerabilities into five criticalities ranging from Extremely Critical to Not Critical. This helps executives, system administrators, and non-security people quickly understand the gravity of issues.
1. Extremely Critical. 2. Highly Critical. 3. Moderately Critical. 4. Less Critical. 5. Not Critical.
The majority of vulnerabilities, 65%, can be exploited remotely.
1. Remote. 2. Local Network. 3. Local System
CVSS is an industry standard used to rank the severity of a vulnerability. CVSS 3 is the standard.
Here we rank the vendors and the average CVSS scores for the vulnerabilities reported in their relevant advisories.
87% of vulnerabilities had a vendor patch available; only 3.2% had no fix, and the same share had a vendor-suggested workaround.
A detailed threat score helps security professionals to make the right decision when faced with multiple vulnerabilities at the same time.
4 instances of the MyKing botnet with CVE-2019-12418 in Ubuntu, Gentoo, Debian, SUSE, and Red Hat JBoss.
Advisories increased by 20% in March compared to February. Relying on Patch Tuesday to update Microsoft operating systems and products is not enough: an Extremely Critical advisory was issued out-of-band for all Microsoft operating systems.
A comprehensive information system is required to help prioritize remediation based on the actual risk and exploit vector. A complete list of vulnerabilities, affected versions, criticality, threat score, and relevant patch information is available in the Software Vulnerability Research and Software Vulnerability Manager solutions from Flexera.