It’s like that saying, “More money, more problems”: More technology, more vulnerabilities – which invariably leads to more problems. Everything we use technology for depends on software, and software is inherently vulnerable. A developer puts out a new software release that contains millions of lines of code. Then, hackers look for loopholes that allow them to breach a system through that code.

The developer issues a patch to fix the vulnerability, but future feature updates usually cause fresh issues. Microsoft is notorious for their updates wreaking havoc. It’s like a game of “whack-a-mole” to keep your systems secure – no ‘fix’ lasts forever.

Staying on top of vulnerabilities is one of the key priorities of IT support firms. It’s important to stay abreast of which software and operating systems are being attacked.

Without solid and ongoing update and patch management, networks are at risk, and these attacks are completely avoidable. According to Threatpost, in Q1 of 2022, 82% of US cyber-attacks were enabled by the exploitation of vulnerabilities which were easily patchable.

There are new vulnerabilities lurking in a broad range of products. These were recently detailed by CISA, the Cybersecurity and Infrastructure Security Agency.

Make Sure Any of These Vulnerabilities in Your Systems are Patched ASAP!

Microsoft

Microsoft vulnerabilities include those in three of its products. Microsoft discontinued IE in June of 2022. You should remove this from any computers that still have it installed.

The acronym ‘CVE’ is an industry-standard naming structure. It stands for Common Vulnerabilities and Exposures.

Here is a rundown of these vulnerabilities and what a hacker can do:

CVE-2012-4969: This concerns Internet Explorer (IE). It is highly recommended to discontinue and uninstall IE since Microsoft no longer offers any support for it – no more patches or updates. Hackers are actively looking for anyone still using it. It is weak and getting weaker. Get rid of it.

CVE-2013-1331: This addresses a flaw in the code for Microsoft Office 2003 and Office 2011 for Mac. This flaw enables hackers to launch remote attacks. It is a buffer overflow vulnerability, which allows hackers to execute dangerous code remotely.

CVE-2012-0151: This issue affects the Authenticode Signature Verification (ASV) function of Windows. It enables user-assisted attackers to execute remote code on a system. ‘User-assisted’ indicates that the hacker still needs the user to make an error in judgement and click on a malicious file attachment in a phishing email.

Google

Google Chrome and all applications built using Google’s Chromium V8 Engine are also on the list. These applications are targets of the following vulnerabilities.

CVE-2016-1646 & CVE-2016-518: Both of these flaws allow attackers to conduct Denial of Service (DoS) attacks. They do this against websites through remote control. This means they can flood a site with so much traffic that it crashes.

There are two additional code flaws that allow hackers to crash sites this way: CVE-2018-17463 and CVE-2017-5070 both do the same thing. Like all the others, they have patches already issued that users can install to fix these holes.

Adobe

Adobe Acrobat Reader is a widely used and popular way to share documents across different platforms and operating systems. But it’s also a tool that’s on this list of popular vulnerabilities.

CVE-2009-4324: This flaw in Acrobat Reader allows hackers to execute remote code via a PDF file. This is the reason you cannot trust that a PDF attachment is going to be safer than other file types. Remember this when receiving unfamiliar emails.

CVE-2010-1297: This memory corruption vulnerability allows remote execution and Denial of Service attacks through Adobe Flash Player. Like IE, the developer retired Flash Player. It no longer receives support or security updates. You should uninstall this from all PCs and websites.

Netgear

Netgear is a popular brand of wireless router. The company also sells other internet-connected devices. These are also vulnerable, due to the following flaws.

CVE-2017-6862: This flaw allows a hacker to execute code remotely. It also enables bypassing any needed password authentication. It is present in many different Netgear products.

Cisco

CVE-2019-15271: This vulnerability is in the buffer overflow process of Cisco RV series routers. It gives a hacker ‘root’ privileges. This means they can do anything with your device and execute any code they want to.

Patch & Update Regularly!

These are a few of the security vulnerabilities listed on the CISA list. You can see all 36 that were added HERE.

How do you keep your network safe from these and other vulnerabilities? By patching and updating on a regular basis. Make sure that your IT department or Managed Services Provider is managing your device and software updates. This ensures you don’t have a breach waiting to happen lurking in your network.
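One way to turn the list above into a routine check, as an added example that is not part of the original article: compare a software inventory against catalog records and separate "patch" from "remove" for the retired products (IE and Flash Player). The catalog sample and the inventory are constructed; the field names are modeled on CISA's Known Exploited Vulnerabilities JSON feed, which is assumed to be the list the article refers to. Matching is by product name only, so a hit means "verify the patch level on this host."

```python
import json

# Constructed sample shaped like a CISA catalog JSON feed (assumed format);
# the CVE IDs and products are the ones named in this article.
CATALOG_JSON = """
{"vulnerabilities": [
 {"cveID": "CVE-2012-4969", "vendorProject": "Microsoft", "product": "Internet Explorer"},
 {"cveID": "CVE-2013-1331", "vendorProject": "Microsoft", "product": "Office"},
 {"cveID": "CVE-2009-4324", "vendorProject": "Adobe", "product": "Acrobat Reader"},
 {"cveID": "CVE-2010-1297", "vendorProject": "Adobe", "product": "Flash Player"},
 {"cveID": "CVE-2019-15271", "vendorProject": "Cisco", "product": "RV Series Routers"}
]}
"""

# Products the article says are retired: no patch will come, so the action is removal.
RETIRED = {("microsoft", "internet explorer"), ("adobe", "flash player")}

# Constructed inventory (hypothetical host names): host -> installed (vendor, product).
INVENTORY = {
    "front-desk-pc": [("Microsoft", "Internet Explorer"), ("Adobe", "Acrobat Reader")],
    "accounting-pc": [("Adobe", "Flash Player"), ("Microsoft", "Office")],
    "branch-router": [("Cisco", "RV Series Routers")],
    "design-mac": [("Mozilla", "Firefox")],
}

def _key(vendor, product):
    """Normalize vendor/product so case and stray spaces do not hide a match."""
    return (vendor.strip().lower(), product.strip().lower())

def triage(inventory, catalog_json, retired=RETIRED):
    """Return (action, host, product, cve) tuples, removals first."""
    by_product = {}
    for entry in json.loads(catalog_json)["vulnerabilities"]:
        key = _key(entry["vendorProject"], entry["product"])
        by_product.setdefault(key, []).append(entry["cveID"])
    findings = []
    for host, installed in inventory.items():
        for vendor, product in installed:
            key = _key(vendor, product)
            for cve in by_product.get(key, []):
                action = "REMOVE" if key in retired else "PATCH"
                findings.append((action, host, product, cve))
    # Removals sort first because no fix exists for retired software.
    return sorted(findings, key=lambda f: (f[0] != "REMOVE", f[1], f[3]))

if __name__ == "__main__":
    for action, host, product, cve in triage(INVENTORY, CATALOG_JSON):
        print(f"{action:6} {host:14} {product:20} {cve}")
```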

Frequently Asked Questions

Q: Why is security patching important?

A: These patches cover any holes in security that a previous software update, or the initial software download, did not. When you receive a new security patch, that means that there have already been hundreds, possibly thousands, of breaches before the vulnerability was discovered. If you do not install security patches, you are begging to take your place among the victims.

Q: How do security patches work?

A: They work by correcting errors in software code that the developer was previously unaware of.

Q: Why are updates called patches?

A: Technically, they are not the same, even though they are both updates. A general software update can improve elements of a number of features, which may have nothing to do with overall cybersecurity, while a patch usually addresses only a specific vulnerability.

Q: How can I tell if my Windows is patched?

A: According to Microsoft, select Start > Settings > Update & Security > Windows Update, and then select Check for updates.

How secure is your network?

As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and security assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.

The best defense is the best Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider (MSP) to ensure continued reliability and defenses against newly emerging threats.

With our 100% Money Back Guarantee in writing, we offer a risk-free way for prospective clients to try us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.
