Onapsis CTO Juan Pablo Perez-Etchegoyen also says admins need to deal quickly with Note #3633049. “Despite this being a CVSS 7.5,” he said in an email to CSO, “it is a memory corruption potentially exploitable remotely pre-authentication, and these types of vulnerability tend to be very critical because of their nature and potential for denial of service and system compromise.”
However, with many of these vulnerabilities, patching alone is not enough: architecture, exposure, segmentation, and monitoring still matter, advises Mike Walters of Action1. “CSOs need to involve not just patching teams, but also service owners (print, scan, document sharing, remote access), network/security teams (for segmentation and exposure control), and logging/monitoring teams (for post-patch verification),” he said.
