Microsoft's June Patch Tuesday contained patches for six zero-day vulnerabilities being exploited in the wild, including two flaws detected by Kaspersky that were being exploited by a new threat group named PuzzleMaker.
That Microsoft rates the zero-day vulnerabilities as just "important" and not "critical" does not mean they should be given a lower priority by IT admin teams, says Chris Goettl, senior director of product management at the endpoint security firm Ivanti.
"This brings an important prioritization challenge to the forefront this month - severity ratings and scoring systems like CVSS may not reflect the real-world risk in many cases," Goettl says. "Adopting a risk-based vulnerability management approach and using additional risk indicators and telemetry on real-world attack trends is vital ...
Copyright of this story solely belongs to bankinfosecurity.