Vulnerability Trends for Q3
This blog was originally published by Vulcan Cyber here.
Written by Orani Amroussi, Vulcan Cyber.
Over the past few months, we’ve seen new vulnerability trends emerge, and with new and old vulnerabilities posing threats to the security of major organizations. Left unresolved, these can quickly result in exploits that cause major damage. The Vulcan Remedy Cloud offers context about each vulnerability, together with clear instructions for how to remediate them. Based on metrics from the Remedy Cloud, here are three of the most talked-about between June and August of 2021:
Known as Spectre Variant 2, this is closely linked to Spectre Variant 1 (CVE-2017-5753) and the Meltdown vulnerability (CVE-2017-5754). All three come as a result of a function known as “speculative execution,” where tasks are performed before being requested in order to increase efficiency. Exploitation of these vulnerabilities means one virtual machine can access another without sufficient privileges. Most microprocessors are affected, and while relatively difficult to exploit, experts believe it’s only a matter of time before we see Spectre out in the wild.
The Vulcan Remedy Cloud gives you clear remediation instructions for you to stay ahead of CVE-2017-5715. You can read the full blog post here.
The PrintNightmare vulnerability has caused concern amongst security professionals, and has even made headlines in mainstream news outlets. It affects Windows Print Spooler which automatically starts every time Windows boots, and remains running until Windows is shut down. It can be found in every Windows system and so is an ideal target for attackers. Exploiting the Remote Code Execution vulnerability gives attackers system-level privileges on the Windows device.
It has already been exploited in the wild and is a very attractive option for hackers, with the potential to cause massive damage.
Remediation instructions can be found in the Vulcan Remedy Cloud. You can read the blog here.
Found in the Tor browser, a key tool for organizations protecting their clients’ privacy, this vulnerability affects those who have yet to update to the latest version. The fix? Download the latest version of Tor. It’s straightforward, and not taking action has the potential to result in breaches of sensitive data.
For more information and additional links, click here.
About the Author
Orani has years of experience in marketing and content creation. He works to help security professionals learn about best practices for defending their enterprises in a rapidly evolving cybersecurity landscape.
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.