Unpatched systems are still one of the significant attack vectors to launch cyberattacks
- The issue can turn worse when the organization can be compromised to steal confidential data or launch DDoS attacks.
- Most of these vulnerabilities are found to be exploited via phishing attacks and exploit kits that specifically target flaws in Microsoft products.
Leaving a vulnerable system unpatched can invite troubles for an organization. The issue can turn worse when the organization suffers a cyberattack that can result in, but not limited to, compromise of confidential data, DDoS attacks or stealing of customers’ details.
According to a report released by Recorded Future, it has been found that the same vulnerabilities kept showing up year-after-year. An interesting aspect of the report was that most of these vulnerabilities were found to be exploited via phishing attacks and exploit kits that specifically target flaws in Microsoft products.
Prevalent old flaws
Some of the old flaws that have been quite actively used to launch attacks are:
CVE-2016-0189 - Memory corruption flaw in Microsoft’s Internet Explorer
CVE-2017-8570 - Remote code execution flaw in Microsoft Office
CVE-2017-0143 - Affects SMBv1 protocol
CVE - 2018-11776 -Remote code execution Apache Struts
CVE-2017-11882 - Remote code execution Microsoft Office
CVE-2009-3129 - Remote code execution in Microsoft Excel/Word
CVE-2017-11774 - Security Feature Bypass vulnerability in Microsoft Outlook
It is no surprise that the vulnerabilities above are leveraged in cyberattacks since there are public exploits for all of them. With growing numbers of threats taking advantage of well-known and old vulnerabilities, it is very much necessary for organizations to patch out date systems to protect their data, systems and critical infrastructure against hackers.