Action1

Gain deeper insights and actionable data to ensure your software security strategies are up to date with Action1's Software Vulnerability Ratings Report 2024! What's inside: ✅ Exploitation Rate Metric: A new metric by the Action1 research team showing the ratio of exploited vulnerabilities to the total number. ✅ Exploitation Rates Review: NGINX and Citrix show alarming trends with rates of 100% and 57%. ✅ Critical Vulnerability Analysis: MacOS and iOS exploitation rates surged by over 30%, MSSQL Server saw a 1600% increase in critical vulnerabilities. ✅ Trends in User-Facing Software Vulnerabilities: MS Office and Edge browser vulnerabilities rose, with MS Office seeing a 5% increase in 2023. Download your report now to prioritize your patch management effectively ➡️ https://lnkd.in/dfxvv9xN

This user quote explains so well why Action1 is truly the world's easiest-to-use (per G2 ratings!) patch management solution: "Within 1 minute of being on their website I was signed up and downloading the client. Within 5 minutes I had already figured out how their dashboard worked and how to onboard my customers machines. Holy $%it what a difference." Love it, keep them coming! https://lnkd.in/gvHm8d_r

July #PatchTuesday week has come to an end, but have you addressed all the necessary updates? Be sure to visit the Action1 Patch Tuesday Watch portal for in-depth reviews of vulnerabilities, recorded webinars, and blog posts from current and previous Patch Tuesdays: https://lnkd.in/gX5i3ARF

So, you thought you’d seen the last of the insecure abomination that was the Internet Explorer web browser, huh? Think again. What if Davey Winder were to tell you that your installation of Windows 10 or 11 (including Server editions) still comes with Internet Explorer installed by default, despite it being ‘retired’ by Microsoft two years ago? And, while we’re all in shocking-revelation mode, what if I were to tell you that Morpheus never uttered that infamous line in The Matrix, despite a million memes claiming he did? Prepare for shock number three: security researchers have revealed a zero-day exploit that has been using Internet Explorer to install malware for at least a year. https://lnkd.in/gQg3acmB 💡 Our thanks to Mike Walters, Co-Founder of Action1 and Satnam Narang, Senior Staff Research Engineer at Tenable for sharing their insights for this article.

Based on customer feedback and common questions, we put together a list of powerful features in Action1 that are often overlooked – and we are excited to demonstrate their full potential to you! Don't miss our upcoming live webinar, Hidden Gems in Action1: Valuable Yet Overlooked Features, on Wednesday, July 17, to learn more about Action1's extended capabilities in third-party and OS patching, vulnerability management, reporting, compliance, and more. Save your spot now to join the webinar or receive a recording: https://lnkd.in/da9pG6Vu

For July 2024 #PatchTuesday, #Microsoft has released security updates and patches that fix 142 CVEs, including CVE-2024-38112 – a spoofing vulnerability in Windows MSHTML Platform that can be triggered with a specially crafted HTML file. Head over to the new article on Help Net Security in which Mike Walters, President and Co-Founder of Action1, shares how CVE-2024-38112 can be exploited: https://lnkd.in/eSg_qraX

Don't miss our webinar with Adventus on July 24! Register today: https://lnkd.in/gapXQ9Wn

ComputerWeekly.com: Security teams will have a busy few days ahead of them after Microsoft patched close to 140 new common vulnerabilities and exposures (CVEs) in its July #PatchTuesday update, including CVE-2024-38080, an elevation of privilege (EoP) flaw in Windows Hyper-V. Zeroing in on it, Mike Walters, President and Co-Founder of Action1, said it posed “significant risk” to systems utilising Hyper-V – it appears relatively simple to exploit, with an attacker being able to gain admin rights with ease if they have obtained initial local access via, for example, a compromised user account in a virtual machine. Ultimately, it takes advantage of an integer overflow issue in Hyper-V. Head over to ComputerWeekly.com's review of July Patch Tuesday for more details and insights: https://lnkd.in/dE5Rk6AH

Here comes July's #PatchTuesday and the latest edition of Vulnerability Digest from Action1! #Microsoft has addressed 142 vulnerabilities, two zero-days (CVE-2024-38112 and CVE-2024-38080) and two have proof of concept (PoC) available. In today’s vulnerability digest, we cover both Microsoft and third-party apps, including Google Chrome, Android, OpenSSH, Splunk, CocoaPods for Swift, Cisco, Juniper, GitLab, FileCatalyst, Siemens, MOVEit Transfer, and VMware. Navigate to the July Patch Tuesday blog post for a comprehensive summary updated in real time: https://lnkd.in/detHSiyB For live review and discussions, join our webinar, Vulnerability Digest from Action1, tomorrow, July 10, at 12 PM EDT / 6 PM CEST: https://lnkd.in/dTBVsuTV Quick summary: - Windows: 142 vulnerabilities, two zero-days (CVE-2024-38112 and CVE-2024-38080) and two have proof of concept (PoC) available (CVE-2024-37985 and CVE-2024-35264) - Google Chrome: Sandbox Escape RCE zero-day and 11 vulnerabilities - Android: 15 vulnerabilities - OpenSSH: CVE-2024-6387 - Splunk: 18 vulnerabilities - CocoaPods for Swift: CVE-2024-38368 (CVSS 9.9), CVE-2024-38366 (CVSS 9.0) and CVE-2024-38367 (CVSS 8.0) - Cisco: zero-day CVE-2024-20399 - Juniper: CVE-2024-2973 - GitLab: 14 vulnerabilities - FileCatalyst: CVE-2024-5276 (CVSS 9.8) - Siemens: CVE-2024-31484, CVE-2024-31485 and CVE-2024-31486 - MOVEit Transfer: CVE-2024-5806 - VMware: CVE-2024-37079 and CVE-2024-37080 (both have CVSS score of 9.8) Find more details on our Patch Tuesday Watch page: https://lnkd.in/dUNZXZRa

July #PatchTuesday is next week! Join us on July 10 for our Vulnerability Digest webinar with Mike Walters, President and Сo-founder of Action1, and get a comprehensive review of the most critical vulnerabilities patched in the past month, including the Microsoft Patch Tuesday updates and patches from various third-party vendors. Don't miss this live webinar to learn: ✅ Actionable recommendations on which patches to prioritize ✅ Tips on how to patch all of your endpoints in less than 24 hours 🗓 Hurry to save your spot now: https://lnkd.in/d2d7gXHy