The US-CERT has made a list of the most exploited security bugs, and guess what? Microsoft flaws that users forgot to patch take the cake.
What is happening
Microsoft is high in the list since its software is ubiquitously used and thus, is the most common potential target for cybercriminals. Although patches have been available for vulnerabilities in Microsoft Office, Windows, and Windows Server, users do not usually keep up with the patches.
- At the top of the list is CVE-2017-11882, an RCE vulnerability in Office. The memory bug is exploited to propagate data harvesting trojans.
- Another popular one is CVE-2017-0199, another RCE bug in Office used as an entryway for spyware and banking trojans.
- CVE-2012-0158 is an eight-year-old Windows ActiveX bug used for Dridex malware infections.
- Adobe Flash Player also appears on the list with CVE-2017-1043. This bug is used to spread Dogcall, a remote access trojan.
- An RCE bug in Drupal - CVE-2018-7600 - is used to spread Kitty, a cryptocurrency mining infection.
What the experts are saying
- According to the CISA, the main purpose behind sharing the list is to advise security personnel to prioritize the work on patching critical vulnerabilities in their environments in efforts to spoil attacks from foreign cyber actors.
- Bugs in Microsoft’s Object Linking and Embedding (OLE) technology are the most commonly exploited.
- The Equifax hack was caused by the exploitation of CVE-2018-5638, an RCE vulnerability in Apache Struts 2.
- The latest bug title goes to CVE-2019-0604, SharePoint RCE vulnerability. This bug is used as the entryway for China Chopper and was also, connected to a reported hack in the UN.
Most of the bugs were fixed for years and yet, the customers did not keep up with the patches. Systems will be well protected by basic security measures and patching the vulnerabilities at regular intervals.