Security News > 2022 > March > Organizations taking nearly two months to remediate critical risk vulnerabilities
The report reveals that organizations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time to remediate across the full stack set at 60 days.
High rates of "Known" vulnerabilities which have working exploits in the wild, used by known nation state and cybercriminal groups are not uncommon.
Crucially, 57% of all observed vulnerabilities are more than two years old, with as many as 17% being more than five years old.
These are all vulnerabilities that have working exploits in the wild, used by known nation state and cybercriminal groups.
Healthcare organizations - despite the extreme pressure they endured in the past two years - came out on top, with an MTTR of just 44 days.
At the opposite end of the spectrum, the public administration sector took an average of 92 days to remediate known vulnerabilities - a month longer than the cross-industry average.
News URL
https://www.helpnetsecurity.com/2022/03/10/state-of-vulnerability-management/
Related news
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- Critical vulnerabilities remain unresolved due to prioritization gaps (source)
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (source)