Action1’s expanded coverage for vulnerability detection now includes both third-party and OS CVEs in one single view, eliminating siloes and gaps in remediation workflows.
Discover how Patch Tuesady has evolved over the past 20 years in the article by Mike Walters, President and co-founder of Action1.
Join Mike Walters, co-founder of the cybersecurity firm Action1, and Dave Bittner, co-founder of CyberWire, in their conversation about the 20th anniversary of Patch Tuesday.
“To exploit this vulnerability, an attacker must first gain access to the system,” explained Mike Walters, president and co-founder of Action1, in October Patch Tuesday commentary.
Discover how patch management has evolved over the past 20 years in the article by Mike Walters, President and co-founder of Action1.
“While government agencies have made progress in addressing open source security, it is evident that further action is needed to enhance the protection of critical infrastructure and corporate assets,” said Mike Walters, vice president of vulnerability and threat research and co-founder of patch management software company Action1.
Action1 vice president of vulnerability and threat research Mike Walters noted in a blog post that while CVE-2023-38148 seems particularly threatening due to its low attack complexity and since it requires no privileges or user interaction, it can only target systems in the same network segment as the attacker.
Mike Walters, VP of vulnerability and threat research and co-founder of Action1, highlighted CVE-2023-2312 as one of the most critical vulnerabilities.
The updated Action1 patch management platform brings together vulnerability discovery and remediation, helping enterprises fortify their defenses against threats such as ransomware infections and security breaches.
“It’s important to note that all versions of Microsoft Office since 2013 are affected by this vulnerability,” Walters said. Microsoft points out that a fix for users of Office 2019 and Office LTSC 2021 for Mac, “are not immediately available.”
According to a study by patch management platform vendor Action1, 82 percent of sysadmins said their employers did not require AI implementation in their roles, while 73 percent lacked understanding of strategic AI implementation in their area of expertise.
Mike Walters, co-founder of cybersecurity firm Action1, said CVE-2023-32046 on its own was concerning because of how it will be used by hackers.
Despite the flaw only being rated “important” by Microsoft, this patch should have IT’s full attention, according to Mike Walters, VP of Vulnerability and Threat Research at security firm Action1.
Risk-based patch management startup Action1 Corp. has today announced that it has raised $20 million in new funding for research and development, focusing specifically on implementing zero-knowledge architecture into its platform.
Security firm Action1 says all three bugs (CVE-2023-32015, CVE-2023-32014, and CVE-2023-29363) can be exploited over the network without requiring any privileges or user interaction, and affected systems include all versions of Windows Server 2008 and later, as well as Windows 10 and later.
CVE-2023-3079 is the third zero-day of 2023 for Google Chrome. It poses a significant risk, according to Mike Walters, VP of vulnerability and threat research at risk-based patch management specialists Action1.
“In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted email message to the victim,” said Action1 co-founder and vice-president of vulnerability and threat research Mike Walters.
“It has a local attack vector, meaning the attacker needs access to the targeted system. The attack complexity is low, requiring minimal privileges and no user interaction,” explained Mike Walters, VP of vulnerability and threat research at Action1.
Cloud-native, patch-management application provider Action1 is set to add vulnerability discovery and prioritization capabilities to its namesake flagship platform to help businesses stay ahead of software exploits.
Action1 VP of vulnerability and threat research Mike Walters highlighted two additional RCE flaws from the current updates. The first, CVE-2023-28311, is a remote code execution vulnerability in Microsoft Word with a CVE score of 7.8.