Millions still exposed despite available fixes
2023-04-03 03:30

Although KEV catalog vulnerabilities are frequent targets of APT groups, a large and exploitable attack surface remains due to software vendors' lack of awareness and action, according to Rezilion.

The Known Exploited Vulnerabilities catalog, maintained by the Cybersecurity and Infrastructure Security Agency, provides an authoritative source of information on vulnerabilities that have been exploited in the past or are currently under active exploitation by attackers.

In a recent study, the Rezilion research team analyzed all vulnerabilities currently included in the KEV catalog and identified over 15 million vulnerable instances, with the majority being vulnerable Microsoft Windows instances.

Most KEVs are rated as CRITICAL or HIGH. Still, researchers found that the vulnerabilities in the CISA KEV catalog are only a fraction of the vulnerabilities discovered each year by organizations.

Rezilion's research reveals that millions of systems remain exposed to Known Exploited Vulnerabilities, even though patches already exist to address them.

"Despite the availability of patches for these vulnerabilities, millions of systems remain exposed to attacks. This leaves organizations vulnerable to exploitation from threat actors and Advanced Persistent Threat groups who often target publicly known vulnerabilities," said Yotam Perkal, Director of Vulnerability Research with Rezilion.


News URL

https://www.helpnetsecurity.com/2023/04/03/kev-catalog-vulnerabilities/