The top ten security vulnerabilities
- CVE-2017-11882 - a remote code execution vulnerability in Microsoft Office products that has been used by a variety of malware to bypass security measures on vulnerable computers. The flaw has been known about since 2017, but actually dates back to a buggy Office component - Microsoft Equation Editor - compiled in November 2000.
- CVE-2017-0199 - this remote code execution bug in Microsoft Office allows an attacker to run malware on a user's computer via a boobytrapped document. It is frequently seen being used by banking and spyware trojans such as Dridex.
- CVE-2017-5638 - a remote code execution vulnerability in Apache Struts, most infamously exploited in the massive Equifax data breach of 2017.
- CVE-2012-0158 - despite being eight years old, this bug in Windows ActiveX is still unpatched on many people's computers, and is exploited by the likes of the Dridex banking trojan.
- CVE-2019-0604 - a SharePoint remote code execution flaw that has been blamed for a mid-2019 attack that saw hackers ultimately accessing the systems of the United Nations in Geneva and exfiltrating sensitive information held by the UN Office of the High Commissioner for Human Rights (OHCHR).
- CVE-2017-0143 - a remote code execution vulnerability in Microsoft SMB that has been incorporated into the EternalSynergy and EternalBlue exploit kits.
- CVE-2018-4878 - a vulnerability in versions of Adobe Flash Player that was first successfully exploited by attackers in the wild in early 2018.
- CVE-2017-8759 - a remote code execution vulnerability in the Microsoft .NET Framework that is used by the notorious FinFisher spyware.
- CVE-2015-1641 - this Microsoft Office vulnerability allows an attacker to run malicious code on a target's computer via a boobytrapped RTF document.
- CVE-2018-7600 - a critical Drupal core vulnerability that has been exploited by cybercriminals to run cryptomining code known as Kitty.
"Organizations with applications dependent on legacy systems need to weigh out the benefits and costs of modernizing their systems. While there can be significant cost to redeveloping applications, there are many significant benefits. Among them is that older systems are exploitable to some severe vulnerabilities that are actively and routinely being exploited. This list can be used to help businesses justify modernizing their platforms sooner rather than later."

US-CERT predictably reminds businesses that US interests would be served well through keeping systems patched and up-to-date:
"A concerted campaign to patch these vulnerabilities would introduce friction into foreign adversaries’ operational tradecraft and force them to develop or acquire exploits that are more costly and less widely effective. A concerted patching campaign would also bolster network security by focusing scarce defensive resources on the observed activities of foreign adversaries."

Find out more about how Tripwire can help you in this video featuring Tyler Reguly, Tripwire's manager of security R&D. https://www.youtube.com/watch?v=eMoRqJbvrnA
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.