45% of critical CVEs left unpatched in 2023
Blind spots and critical vulnerabilities are worsening, with 45% of critical CVEs remaining unpatched.
The educational services industry has a significantly higher percentage of servers with unpatched weaponised Common Vulnerabilities and Exposures (CVEs) than the general average of 10%. The industries still using end-of-life (EoL) or end-of-support (EoS) operating systems, which the manufacturer no longer actively supports or patches for vulnerabilities and security issues, are educational services, retail trade, healthcare, manufacturing and public administration.
Security professionals found themselves grappling with an overwhelming number of vulnerabilities in 2023, making prioritization and remediation an increasingly complex challenge.
This proliferation of vulnerabilities is further exacerbated by the staggering figure of over 3.6 billion CVEs associated with active assets.
Organizations continue to face a formidable challenge in prioritizing and remedying critical vulnerabilities within their cybersecurity landscape.
Despite maintaining similar patch rates across severity levels, the actual number of critical CVEs being patched remains notably low.
News URL
https://www.helpnetsecurity.com/2024/01/25/cybersecurity-attack-attempts-increase/
Related news
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)
- Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418)
- Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)