New research from Recorded Future claims that hackers are exploiting many of the same security vulnerabilities as last year, demonstrating how failure to apply security updates is leaving organizations vulnerable to attack.
Researchers analyzed the top vulnerabilities, exploit kits and malware attacks used by attackers in 2019 and found that six of the most commonly exploited vulnerabilities were repeats from 2018. All of these repeated vulnerabilities are related to Microsoft products, with a total of eight of the top ten vulnerabilities related to Microsft software like Internet Explorer and Microsoft Office products.
The two other most common vulnerabilities target Adobe Flash Player. One vulnerability - CVE-2018-15982 - was the most commonly exploited vulnerability of 2019. This vulnerability was assigned a Common Vulnerability Scoring System (CVSS) score of 10 when it first emerged and was patched in December 2018.
The next two most commonly exploited vulnerabilities were both repeats from 2018. Last year's number one, CVE-2018-8174, fell to the number two spot. This vulnerability in Internet Explorer, known commonly as Double Kill released for the vulnerability in May 2018, but given the volume of exploitation, there is still a large number of users who have not applied it.
The third most commonly exploited vulnerability, CVE-2017-11882, is a vulnerability in Microsoft Office that was disclosed back in December 2016 that allows hackers to conduct remote code execution attacks. This vulnerability has been associated with Emotet, one of the world's most prolific botnets.
Vulnerabilities like CVE-2012-0158 are particularly alarming considering the critical bug in Microsoft Office was patched almost eight years ago. This big can also be exploited to conduct remote code execution attacks.
CVE-2015-2419 is the sixth most commonly exploited vulnerability. This bug allows attackers to execute arbitrary code through Internet Explorer and has been known about since 2015.
Here's the list of the ten most commonly exploited vulnerabilities according to Recorded Future:
- CVE-2018-15982 – Adobe Flash Player
- CVE-2018-8174 – Microsoft Internet Explorer
- CVE-2017-11882 – Microsoft Office
- CVE-2018-4878 – Adobe Flash Player
- CVE-2019-0752 – Microsoft Internet Explorer
- CVE-2017-0199 – Microsoft Office
- CVE-2015-2419 – Microsoft Internet Explorer
- CVE-2018-20250 – Microsoft WinRAR
- CVE-2017-8750 – Microsoft Internet Explorer
- CVE-2012-0158 – Microsoft Office
All of the vulnerabilities on this list have received patches, but there are still organizations that are ignoring the updates and leaving the backdoor open for cybercriminals. The most effective way to protect networks from these vulnerabilities is to ensure that all products, especially Microsoft ones, are up to date with the latest security patches.
NNT suggests implementing a robust System Hardening and Vulnerability Management solution coupled with intelligent change control to help fight the persistence of vulnerabilities. Any configuration changes, be it through patching or other system maintenance, may introduce vulnerabilities, so visibility and control of changes is an essential security best practice.
>> Read our latest whitepaper The Problem with Running Outdated Software, to learn how to protect your organization.
>> Read our latest article Is Patching a Double-Edged Sword? with Security Magazine