
These Are The Top 10 Most Exploited Vulnerabilities In Past 3 years

by Cyber360 News
May 13, 2020
in Security

Cybersecurity is a matter of grave concern, and bad actors are actively exploiting vulnerabilities in systems. Today, US cybersecurity agencies released a list of the top 10 most exploited vulnerabilities between 2016 and 2019.

The data has been released by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) as alert AA20-133A through the National Cyber Awareness System. It is intended to help companies prioritize security patches for vulnerabilities according to how frequently attackers target them.

“A concerted campaign to patch these vulnerabilities would introduce friction into foreign adversaries’ operational tradecraft and force them to develop or acquire exploits that are more costly and less widely effective,” reads the alert.

Top 10 Most Exploited Vulnerabilities (2016-2019)

1. Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882)

Vulnerable Products: Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016, Vista SP2, Server 2008 SP2, Windows 7 SP1, Windows 8.1

Associated Malware: Loki, FormBook, Pony/FAREIT.

2. Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API (CVE-2017-0199)

Vulnerable Products: Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016, Vista SP2, Server 2008 SP2, Windows 7 SP1, Windows 8.1

Associated Malware: FINSPY, LATENTBOT, Dridex.

3. Incorrect exception handling and error-message generation during file-upload attempts in Jakarta Multipart parser in Apache Struts (CVE-2017-5638)

Vulnerable Products: Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1

Associated Malware: JexBoss

4. MSCOMCTL.OCX RCE Vulnerability (CVE-2012-0158)

Vulnerable Products: Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0.

Associated Malware: Dridex

5. Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0604)

Vulnerable Products: Microsoft SharePoint

Associated Malware: China Chopper

6. Windows SMB Remote Code Execution Vulnerability (CVE-2017-0143)

Vulnerable Products: Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016

Associated Malware: Multiple using the EternalSynergy and EternalBlue Exploit Kit

7. Use-after-free vulnerability in Adobe Flash Player (CVE-2018-4878)

Vulnerable Products: Adobe Flash Player before 28.0.0.161

Associated Malware: DOGCALL

8. .NET Framework Remote Code Execution Vulnerability (CVE-2017-8759)

Vulnerable Products: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7

Associated Malware: FINSPY, FinFisher, WingBird

9. Microsoft Office Memory Corruption Vulnerability (CVE-2015-1641)

Vulnerable Products: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1

Associated Malware: Toshliph, UWarrior

10. The issue affecting multiple subsystems with default or common module configurations in Drupal (CVE-2018-7600)

Vulnerable Products: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1

Associated Malware: Kitty

As is evident from this list, Microsoft Office 2007 is the most vulnerable product in the past three years. CISA has also provided mitigations for the top 10 most exploited vulnerabilities in the alert. The alert is also available as a PDF document, which you can refer to for more details.
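For patch prioritization, the three entries above that give explicit version cut-offs (Apache Struts, Adobe Flash Player, Drupal) can be checked against a software inventory. The following is an added example, not part of the original article or the CISA alert; the product keys, function names, host names and inventory rows are assumptions made for illustration.

```python
import re

# Cut-offs transcribed from the list above as half-open ranges
# [branch_start, first_fixed_version). Product keys are labels chosen here.
VULNERABLE_RANGES = {
    "apache-struts": ("CVE-2017-5638",
                      [((2, 3), (2, 3, 32)), ((2, 5), (2, 5, 10, 1))]),
    "adobe-flash-player": ("CVE-2018-4878", [((0,), (28, 0, 0, 161))]),
    "drupal": ("CVE-2018-7600",
               [((0,), (7, 58)), ((8,), (8, 3, 9)),
                ((8, 4), (8, 4, 6)), ((8, 5), (8, 5, 1))]),
}

def parse_version(text):
    """'2.5.10.1' -> (2, 5, 10, 1); trailing zeros dropped so 8.4.0 == 8.4."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def exposed(product, version):
    """Return the CVE id if version is inside a listed range, else None."""
    cve, ranges = VULNERABLE_RANGES[product]
    v = parse_version(version)
    return cve if any(low <= v < fixed for low, fixed in ranges) else None

def triage(inventory):
    """Check (host, product, version) rows; unparsable versions are flagged."""
    findings = []
    for host, product, version in inventory:
        if product not in VULNERABLE_RANGES:
            continue  # product has no version cut-off in the list above
        try:
            cve = exposed(product, version)
        except ValueError:
            findings.append((host, product, version, "UNPARSED"))
            continue
        if cve:
            findings.append((host, product, version, cve))
    return findings

# Constructed inventory rows; hosts and installed versions are made up.
SAMPLE_INVENTORY = [
    ("web01", "apache-struts", "2.5.10"),
    ("web02", "apache-struts", "2.3.32"),
    ("cms01", "drupal", "8.4.0"),
    ("cms02", "drupal", "7.58"),
    ("kiosk7", "adobe-flash-player", "28.0.0.137"),
    ("cms03", "drupal", "8.5.0-rc1"),
]
```

The Microsoft entries are not covered because the list identifies them by product and service pack rather than by a fixed-version boundary; those need a check against installed security updates instead.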
