At the end of each month we take a look at our patch data to give an overview on the most important security patches that were released during the last 30 days. In January we tracked 206 patches in total.
Below is an overview on the affected software categories:
Operating system patches made the biggest news in January – with Linux trumping even Windows for a change. On January 26 Qualys published a blog post describing a buffer overflow vulnerability in Sudo, the Linux standard program for running commands as an administrator. The vulnerability lets every user on an affected system get root level privileges and is easy to exploit. Every major distribution has released patches, here are the ones for Ubuntu, Debian and Red Hat / CentOS:
Among the Microsoft patches in January the most noteworthy ones were a fix for a remote code execution vulnerability in Windows Defender that is already being exploited in the wild and several patches for critical vulnerabilities in the Windows Remote Procedure Call Runtime.
Cisco also released multiple important patches in January, with several critical vulnerabilities affecting the Small Business router series: Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities
Other noteworthy patches in January include:
- Drupal: Critical – Third-party libraries – SA-CORE-2021-001
- Elastic Stack: Elasticsearch 7.10.2 Security Update
If you want a weekly patch summary that is personalized for your software + instant patch alerts have a look at our plans: patchdeck.com/plans