ICYMI: Software Vulnerabilities in May 2024

In 2023, over 2,000 vulnerabilities were discovered every month. The rate at which software vulnerabilities are discovered has grown so rapidly that even the National Institute of Standards and Technology (NIST) cannot keep up with analyzing CVEs.

But keeping up with fixing and remediating vulnerabilities is crucial for maintaining the integrity and security of systems. Regularly updating software, applying patches, and staying informed about the latest threats and mitigation strategies are essential practices for safeguarding against potential exploits.

With more than 2,000 vulnerabilities dropping every month, how can IT and Security teams keep up? That’s what we’re here to help with!

May 2024 Vulnerabilities to Prioritize

Here’s our roll-up of the most critical software vulnerabilities from last month. If your company uses any of these software applications, you should:

  • Run a vulnerability scan to identify if these vulnerabilities are in your environment.
  • Prioritize these vulnerabilities based on the severity level and potential impact on your systems.
  • Queue these vulnerabilities up for remediation.
  • Report on whether the remediations worked.

Adobe

Adobe released patches for eight products, addressing 14 vulnerabilities, 11 of which were rated critical. The affected products include:

  • Acrobat Reader (Windows and macOS): 14 fixes (11 critical)
  • Illustrator (Windows and macOS): 3 fixes (2 critical)
  • Substance 3D Painter: 4 fixes (2 critical)
  • Adobe Aero (Windows and macOS): 1 critical fix
  • Substance 3D Designer: 1 important fix
  • Adobe Animate: 7 fixes (6 critical)
  • FrameMaker (Windows): 8 fixes (5 critical)
  • Dreamweaver (Windows and macOS): 1 critical fix

Google Chrome

Google Chrome addressed several high-severity vulnerabilities, including six zero-day exploits discovered in the wild. The vulnerabilities were found in the V8 JavaScript engine and other components. Ensure your Chrome browser is updated to the latest version (125) to mitigate these risks.

Check out our urgent bulletin with more details about Google Chrome updates.

Microsoft Edge

Microsoft Edge, based on Chromium, also released patches for the same zero-day vulnerabilities as Chrome. Update Edge to the latest version to address these critical security issues.

Mozilla Firefox

Mozilla Firefox released version 126, which includes 16 security fixes, two of which are rated high severity. While no zero-day exploits were found in Firefox this month, updating to the latest version is still crucial for maintaining browser security.

Other Software

Several other software products received updates this month, including 7-Zip, Cisco products, Citrix products, Dropbox, Foxit Reader, Genesis Cloud, Google Drive, iTunes for Windows, Jenkins, Power BI, Notepad++, Opera, RealVNC, RingCentral, ScreenConnect, Skype, Slack, TeamViewer, Thunderbird, VirtualBox, WinSCP, Wireshark, and Zoom.

If your organization uses any of these applications, review the release notes for these products and apply updates as needed.

For Syxsense customers, these patches and remediations are already in your console. Check with your Customer Success Manager if you need any support.

Staying Up To Date on Software Vulnerabilities

Given the increasing number of zero-day exploits and the potential for widespread impact, it’s crucial for IT and Security Operations teams to prioritize patching for critical software vulnerabilities. But we also know it can be challenging to identify, prioritize, and remediate these vulnerabilities effectively and quickly.

Maintaining a robust patch management process helps ensure that software in your environment is updated on time. Staying on top of the list of vulnerabilities dropping every month is important but not easy. That’s why we’re here to assist.

We’re evolving our monthly third-party patching webinars into a monthly “Zero-Day to Every Day” series. In this series, our sales engineers will highlight some of the most important software vulnerabilities being released, allowing you to address the most critical risks without having to sort through all the noise.

Sign up for our first session, being held on June 27, 2024.