When Microsoft Patch Tuesday comes around other vendors take the opportunity and issue their patches as well. The US government’s Cybersecurity and Infrastructure Security Agency (CISA) is one of my go to places to check for vendor patches and security updates – here is what they have for the start of this month.
Here is CISA’s alert for Microsoft’s Patch Tuesday:
Microsoft Releases November 2023 Security Updates | CISA
Other vendor updates:
Adobe Releases Security Updates for Multiple Products | CISA
Fortinet Releases Security Updates for FortiClient and FortiGate | CISA
VMware Releases Security Update for Cloud Director Appliance | CISA
CISA also maintains an authoritive database of vulnerabilities that are known be be being exploited in the wild, recent additions include Microsoft Windows, Juniper Junos and SysAid. The entries also include links to more information, vendor sites and mitigation advice. Some of these will be products you are unfamilar with but if one of the software packages you use appears on the list that is when you need to take action.
Known Exploited Vulnerabilities Catalog | CISA
CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.
Clive Catton MSc (Cyber Security) – by-line and other articles
