A recent study by cybersecurity company Rezilion revealed that numerous critical vulnerabilities remain unpatched, even though patches have been available for years. For example, over 190,000 systems still have the Heartbleed vulnerability (CVE-2014-0160), which was first discovered in 2014. The report also highlights CVE-2021-40438, a medium-severity vulnerability that could be used in traffic redirection attacks. Millions of devices are exposed to 200 vulnerabilities listed in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
Many systems continue to be unpatched and susceptible to known exploits even after several years. This is because each year, thousands of new vulnerabilities emerge, and while vendors release patches for most, the sheer number of discovered vulnerabilities makes it challenging to patch every system. In 2022 alone, over 25,000 vulnerabilities were identified. It’s crucial to prioritize patching strategies based on significant criteria, as patching all systems for every vulnerability is not feasible.
Two significant factors to consider when prioritizing patching include:
- Inclusion of the vulnerability in the KEV, which indicates that the US Government is aware of active exploitation.
- Exposure of the device to inbound internet traffic, since such devices are the easiest targets for cybercriminals.
Focusing on these two factors for patch prioritization could address 99% of critical issues and significantly reduce the risk of a successful cyberattack.
Of the 25,000 vulnerabilities discovered last year, only 107 are listed in the KEV, accounting for less than 1%. Many of these 107 vulnerabilities are only exploitable from within a network, which lowers the number further, since most organizations have only a small percentage of internet-exposed devices.
In conclusion, prioritizing the patching of actively exploited vulnerabilities in internet-exposed devices can greatly reduce the likelihood of a security breach by over 99%.
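The two-factor triage described above can be turned into a simple, repeatable scoring rule. The following is an added example, not code from the original post or from Action1 or Rezilion: it loads a constructed excerpt of the KEV catalog (assumed to use the field names of CISA’s public JSON feed, `vulnerabilities` → `cveID`, `dateAdded`, `dueDate`), joins it against constructed scanner findings, and ranks each finding by KEV membership first and internet exposure second, with scanner severity only as a tiebreaker. The two CVE IDs are the ones mentioned in the article; the dates, host names, severities and the non-KEV CVE-2022-99991 are sample values.

```python
"""Tiered patch prioritization: KEV membership x internet exposure.

Added example; assumes scanner findings are (host, cve, severity, exposure)
records and that the KEV feed uses CISA's public JSON field names.
"""
import json
from dataclasses import dataclass

# Constructed excerpt in the shape of the public KEV feed. The CVE IDs are the
# two from the article; the dates are sample values, not the real entries.
KEV_JSON = """
{
  "title": "Known Exploited Vulnerabilities (constructed excerpt)",
  "vulnerabilities": [
    {"cveID": "CVE-2014-0160", "vendorProject": "OpenSSL", "product": "OpenSSL",
     "dateAdded": "2022-05-25", "dueDate": "2022-06-15"},
    {"cveID": "CVE-2021-40438", "vendorProject": "Apache", "product": "HTTP Server",
     "dateAdded": "2021-12-01", "dueDate": "2021-12-15"}
  ]
}
"""

# Scanner severity is only a tiebreaker inside a tier; lower rank sorts first.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    severity: str          # as reported by the scanner (sample values below)
    internet_exposed: bool  # host accepts inbound traffic from the internet


# Constructed scanner output. CVE-2022-99991 is a fictitious, non-KEV ID used
# to show that a "critical" score alone does not move a finding up the queue.
FINDINGS = [
    Finding("vpn-gw-01", "CVE-2014-0160", "high", True),
    Finding("www-03", "CVE-2021-40438", "medium", True),
    Finding("build-07", "CVE-2014-0160", "high", False),
    Finding("db-02", "CVE-2022-99991", "critical", False),
    Finding("www-03", "CVE-2022-99991", "critical", True),
]


def load_kev_ids(kev_json: str) -> set:
    """Return the set of CVE IDs present in a KEV-format JSON document."""
    catalog = json.loads(kev_json)
    return {entry["cveID"] for entry in catalog["vulnerabilities"]}


def tier(finding: Finding, kev_ids: set) -> int:
    """Tier 1: in KEV and internet-exposed (patch now). Tier 2: in KEV but
    internal-only. Tier 3: exposed but not known-exploited. Tier 4: the rest."""
    in_kev = finding.cve in kev_ids
    if in_kev and finding.internet_exposed:
        return 1
    if in_kev:
        return 2
    if finding.internet_exposed:
        return 3
    return 4


def prioritize(findings, kev_ids: set) -> list:
    """Order findings by tier, then scanner severity, then host for stability."""
    return sorted(
        findings,
        key=lambda f: (tier(f, kev_ids), SEVERITY_RANK[f.severity], f.host, f.cve),
    )


def summarize(findings, kev_ids: set) -> dict:
    """Funnel counts of the kind the article quotes: all findings -> in KEV ->
    in KEV on an internet-exposed host; also the share of distinct CVEs in KEV."""
    cves = {f.cve for f in findings}
    kev_cves = cves & kev_ids
    return {
        "findings": len(findings),
        "findings_in_kev": sum(1 for f in findings if f.cve in kev_ids),
        "findings_in_kev_exposed": sum(1 for f in findings if tier(f, kev_ids) == 1),
        "distinct_cves": len(cves),
        "distinct_cves_in_kev": len(kev_cves),
        "kev_share_pct": round(100.0 * len(kev_cves) / len(cves), 1) if cves else 0.0,
    }


if __name__ == "__main__":
    kev = load_kev_ids(KEV_JSON)
    for f in prioritize(FINDINGS, kev):
        print(f"tier {tier(f, kev)}  {f.host:<10} {f.cve:<16} {f.severity}")
    print(summarize(FINDINGS, kev))
```

Note the ordering the rule produces: the two findings on internet-facing hosts with KEV-listed CVEs come first, the internal Heartbleed host second, and the fictitious "critical" non-KEV finding on an internal database host last, which is exactly the inversion of a severity-only queue. In practice the exposure flag would come from an external attack-surface inventory or firewall policy rather than being hand-entered, and the KEV file would be the live download rather than an embedded excerpt.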
About Action1
Action1 provides a risk-based patch management solution for distributed work-from-anywhere organizations. Action1 helps to discover, prioritize, and remediate vulnerabilities in a single solution to prevent security breaches and ransomware attacks. It automates patching of third-party applications, operating systems, drivers, and firmware, ensuring continuous patch compliance and remediation of security vulnerabilities before they are exploited.