Patch Tuesday saw fewer vulnerabilities announced by Microsoft for once, potentially offering some breathing space for teams to get ahead on cybersecurity for 2023.
Peter Pflaster, writing for devops automation tools specialist Automox, noted in a blog post that December’s Patch Tuesday announced the lowest number of Microsoft vulnerabilities since June — 56, including seven critical vulnerabilities and one actively exploited zero-day threat.
“Perhaps the most critical and wide-reaching vulnerability this month is a critical remote code execution flaw in PowerShell 7.2 and 7.3. Attackers are likely to target this weakness, though it does require additional preparation for the target environment prior to exploitation,” Pflaster said.
Also, a privilege escalation vulnerability in Windows Bluetooth Driver allows attackers to elevate to System privileges on most versions of Windows 7, 8.1, 10, 11, and Server 2008-2022. While this hasn’t yet been exploited in the wild, Microsoft has suggested this is likely, according to Automox.
“There’s also an actively exploited zero day in Windows SmartScreen that allows for security feature bypass. Even though the vulnerability is only moderately severe according to Microsoft, you’ll want to patch it since threat actors are already targeting the vulnerability with social engineering attacks,” Pflaster added.
Beyond current vulnerabilities, Automox is looking ahead to the IT environment for cybersecurity in 2023. The vendor’s Jon Levenson has announced that nine IT trends are expected by Automox’s expert team.
First up is an increasing push towards automation.
“Many have touted automation as the provider of vast time savings and efficiency gains for IT organisations that adopt it. In my opinion, they’re correct,” Levenson wrote.
Since Covid, more organisations have supported remote and hybrid working, which meant an accompanying cloud focus. However, this meant that adversaries will increasingly target cloud-based infrastructure.
“Coupled with the hasty nature of many cloud deployments and configurations, overly broad permissions and a lack of proper alerting and monitoring will prove to be advantageous vectors for adversaries to exploit,” according to Automox.
In addition, in a recession especially, staff resource constraints suggest that automation within technical roles will prove crucial to staying afloat and protecting infrastructure.