This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Monthly Software Vulnerability Insights - April 2023

jbraak
By Level 4 Flexeran
Level 4 Flexeran

Important conclusions from this month report are:

  • A lower count of advisories this month, however with more extreme critical advisories and more zero-day advisories than we have seen before in the last year.
  • Advisories for 93 unique vendors , 387 unique products and 472 unique product versions reported this month.
  • About half (50%) of all vulnerabilities reported in this month have a “Remote Attack Vector” which is 10% less compared to last month.
  • The Secunia Research Team reported 10 Extremely critical advisories this month which is the highest count since September 2021. ( Apple, Microsoft,WebkitGTK,Google)
  • 18 Zero-Day Advisories reported (Apple iOS, Microsoft, Microsoft Windows, Microsoft 365)
  • Microsoft Patch Tuesday reported 97 Vulnerabilities (with 114 CVE’s),  Secunia research team summarized these into 13 Advisories
  • Over 1,429 unique CVE’s ( last month : 1,468) were covered in the 666 Advisories.
  • Threat Intelligence indicates that more Moderately Critical Vulnerabilities are targeted by hackers.
  • More than half of all advisories are disclosed by  a regular group of 4 vendors (SUSE 19%, Ubuntu 12%, RedHat 11% and IBM 11%)
  • Juniper, Cisco, F5,Netapp, Fortinet are contributing to more than 75 % of all Networking related Advisories.

Last month we reported that 71.63% of all Secunia Advisories had a Threat ( exploits, malware, ransomware , etc.) associated with them, this month the number has been slightly lower to 71.32%

Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.

Software Vulnerability – and Patch Management is becoming more and more important.
Due to the ongoing Russia-Ukraine conflict , attacks on critical infrastructures in many countries are increasing.
Back in 2019 (just before Covid) patching was recommended within 30 days (or 14 days for CVSS score 7 or higher)
Right now , hackers can deploy exploits within 1 week and even within 24 hours . This means that organizations need to prioritize even better to quickly patch vulnerabilities (especially the ones with threats associated with them)

‎May 01, 2023 12:36 PM
Preview file
979 KB
0 Kudos