Riskigy Cyber Radar - Need-to-Patch Now!

Take a break from your holiday preparations and review the details of the latest security patches. Microsoft, Apple, Cisco, Citrix, Google, Adobe, VMware, Sophos and many others have released their latest security updates and fixes before the holiday break. Many of the updates and patches fix actively exploited vulnerabilities and zero-days.

Microsoft?recently released a security update that addresses 49 vulnerabilities across its software products; 6 are rated critical, 40 are rated important, and 3 are rated moderate in severity.?

Various other tech giants have also released security updates to address several vulnerabilities in the past two weeks.

• Citrix?addressed the zero-day flaw exploited in Citrix ADC and Citrix Gateway to take over affected systems. Versions 13.1 are not impacted.
• Apple?addressed a new zero-day flaw that could be used to execute malicious code. It described the flaw as a confusion issue in the WebKit engine.
• Fortinet?addressed several issues in FortiOS, FortiADC, FortiProxy, FortiSOAR, FortiSandbox, and FortiDeceptor. The most critical issue was a heap-based buffer overflow vulnerability that could allow attackers to execute malicious code or commands.
• Google?Chrome addressed a zero-day flaw that could allow an attacker to perform a sandbox escape by using a malicious HTML page.
• Cisco?addressed security vulnerabilities across multiple products that could allow attackers to take control of affected systems.
• Adobe?released three patches that fixed 37 CVEs, all rated as Important. These Adobe products have received updates: Experience Manager (32 bugs), Adobe Illustrator and Adobe Campaign Classic.?
• Sophos?Firewall v19.5 GA (19.5.0) release fixes a code injection vulnerability allowing remote code execution was discovered in the User Portal and Webadmin.
• Mozilla?fixes a missing check related to tex units could have led to a use-after-free and potentially exploitable crash.

Need to Know

Numerous tech giants released security updates addressing severe vulnerabilities.?

? Many of the vendors put out security patches for zero-day vulnerabilities. The strategies of attackers are constantly changing and innovating to get around and surprise even the largest and most successful tech vendors.?

? Due to the severity of these vulnerabilities and the large variety of products they affect, users are urged to apply security updates immediately.

Action Items

Protect your organization with these practices:

? Keep software and operating systems up to date and download the latest security patches.?

? Create a cyber incident response plan, resiliency plan, and communications plan.

? Implement a cybersecurity user awareness and training program that includes guidance on how to report incidents.

? Use multi-factor authentication for all services possible.

? Install, regularly update, and enable real-time detection for antivirus software on all hosts.

More Information

? CISA - Microsoft Releases December 2022 Security Updates?https://www.cisa.gov/uscert/ncas/current-activity/2022/12/13/microsoft-releases-december-2022-security-updates?

? Microsoft - December 2022 Security Updates?https://msrc.microsoft.com/update-guide/releaseNote/2022-Dec?

? The Hacker News - December 2022 Patch Tuesday: Get Latest Security Updates from Microsoft and More?https://thehackernews.com/2022/12/december-2022-patch-tuesday-get-latest.html

Cybersecurity Is Complex! We Are Here To Help

Cyberthreats are everywhere, you don’t have to face them alone.?Get Cybersecurity & Tech help from Riskigy!

? Looking for an expert to assist your firm or clients??

? Need a pro to explain Tech or Cyber to your management??

? Vetting a new investment or acquisition??

? Want to build a cyber aware staff??

? Need immediate assistance with an incident??

? Considering adding a vCISO or vCTO to your team?

? Seeking help with SOC2, PCI, or ISO readiness?

Contact us to discuss how we can assist!

e: [email protected] | p: 888.333.6553