The Most Exploited Vulnerabilities in 2016-2019 as Reported by the FBI
It probably won't surprise you that seven of the eight vulnerabilities covered here are in Microsoft products. Their widespread use across organizations and institutions makes them an ideal target for cybercriminals. According to U.S. Government technical analysis, malicious cyber actors most often exploit vulnerabilities in Microsoft's Object Linking and Embedding (OLE) technology. OLE allows documents to contain embedded content from other applications such as spreadsheets, which is why so many of the entries below are triggered simply by opening a crafted Office document. The one non-Microsoft entry on the list is Adobe Flash Player.
Older Unpatched Systems Are Vulnerable to Cyberattacks
A joint advisory from the Cybersecurity & Infrastructure Security Agency (CISA) and the FBI lists the vulnerabilities most routinely exploited in the wild. The striking thing is that most of them are several years old, yet cybercriminals have no trouble continuing to exploit these publicly known software vulnerabilities to gain access to networks. The reason cited is that exploiting a known vulnerability usually requires far fewer resources than developing or buying a zero-day exploit.
The silver lining is that all of them have patches available and can be fixed by identifying which machines on your network are still running outdated software. That identification can require a significant investment of resources, particularly when mitigating multiple flaws at the same time. To help you get started, we have created a dedicated Lansweeper report that flags any device on your network vulnerable to any of these exploits.
Note: for each CVE below we list the vulnerable products, the malware commonly associated with it, the mitigation, and links to further detail and indicators of compromise (IOCs). The associated-malware lists are not meant to be exhaustive; they identify a malware family commonly associated with exploiting the CVE. Keep in mind that a patch check tells you whether the fix is installed, not whether the flaw was already used against the device, so review flagged machines against the linked IOCs as well.
Which Software Vulnerabilities Are Exploited the Most?
CVE-2017-11882
- Vulnerable Products: Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 Products
- Associated Malware: Loki, FormBook, Pony/FAREIT
- Mitigation: Update affected Microsoft products with the latest security patches
- More Detail: CVE-2017-11882
- IOCs: AR20-133E
CVE-2017-0199
- Vulnerable Products: Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016, Vista SP2, Server 2008 SP2, Windows 7 SP1, Windows 8.1
- Associated Malware: FINSPY, LATENTBOT, Dridex
- Mitigation: Update affected Microsoft products with the latest security patches
- More Detail: CVE-2017-0199
- IOCs: AR20-133G, AR20-133H, AR20-133P
CVE-2012-0158
- Vulnerable Products: Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0
- Associated Malware: Dridex
- Mitigation: Update affected Microsoft products with the latest security patches
- More Detail: AA19-339A, CVE-2012-0158
- IOCs: AR20-133I, AR20-133J, AR20-133K, AR20-133L, AR20-133N, AR20-133O
CVE-2019-0604
- Vulnerable Products: Microsoft SharePoint
- Associated Malware: China Chopper
- Mitigation: Update affected Microsoft products with the latest security patches
- More Detail: CVE-2019-0604
CVE-2017-0143
- Vulnerable Products: Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016
- Associated Malware: Multiple, using the EternalSynergy and EternalBlue exploit kit
- Mitigation: Update affected Microsoft products with the latest security patches (this flaw is one of the SMBv1 vulnerabilities fixed in MS17-010). Where SMBv1 is not required, disable it as well, so that the vulnerable protocol is not exposed at all
- More Detail: CVE-2017-0143
CVE-2018-4878
- Vulnerable Products: Adobe Flash Player before 28.0.0.161
- Associated Malware: DOGCALL
- Mitigation: Update Adobe Flash Player to the latest version, or remove it where it is no longer needed
- More Detail: CVE-2018-4878
- IOCs: AR20-133D
CVE-2017-8759
- Vulnerable Products: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7
- Associated Malware: FINSPY, FinFisher, WingBird
- Mitigation: Update affected Microsoft products with the latest security patches
- More Detail: CVE-2017-8759
- IOCs: AR20-133F
CVE-2015-1641
- Vulnerable Products: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1
- Associated Malware: Toshliph, UWarrior
- Mitigation: Update affected Microsoft products with the latest security patches
- More Detail: CVE-2015-1641
- IOCs: AR20-133M
Find All Vulnerable Devices on Your Network
Similar to our monthly Patch Tuesday reports, we've created a dedicated audit report that checks whether the assets in your network are vulnerable to any of these eight exploits.
It's color-coded to give you a quick overview of which assets are already patched and which ones still need to be. All admins are advised to install these security updates as soon as possible.
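The check behind a report like this, and behind the task of "identifying which machines are still running outdated software" described earlier, is a version comparison against the first fixed release. The Python below is an added example written for this article, not Lansweeper's own report logic or query language: it walks a constructed software inventory export (the host,product,version column layout, host names and version values are all assumptions) and flags entries below a fixed version. The only numeric threshold the advisory gives is Adobe Flash Player before 28.0.0.161 (CVE-2018-4878), so that is the single rule in the table. It also shows the pitfall such a check must avoid: comparing version strings lexicographically ranks 9.0.0.1 above 28.0.0.161 and would mark an ancient install as patched.

```python
"""Flag inventory entries whose installed version is below the fixed version.

Added example for this article; not Lansweeper report code. The inventory
rows, host names and column layout (host,product,version) are constructed.
The only threshold taken from the advisory text is Adobe Flash Player
before 28.0.0.161 (CVE-2018-4878).
"""
import csv
import io
from typing import Dict, Iterable, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Convert '28.0.0.161' (or a comma form such as '28,0,0,161') into a
    tuple of ints so that tuple comparison orders versions numerically.
    Raises ValueError on junk such as 'unknown', so callers can report it
    instead of silently treating it as safe."""
    parts = text.strip().replace(",", ".").split(".")
    if not parts or any(p == "" for p in parts):
        raise ValueError(f"not a version: {text!r}")
    return tuple(int(p) for p in parts)


# Rule table: product name as exported by the inventory -> (CVE, first fixed version).
# Only Flash has a numeric cut-off on this page; the Office/Windows entries say
# "install the latest patches" without a version, so they are not decidable here.
FIXED_VERSIONS: Dict[str, Tuple[str, Version]] = {
    "Adobe Flash Player": ("CVE-2018-4878", parse_version("28.0.0.161")),
}


def load_inventory(csv_text: str) -> List[Dict[str, str]]:
    """Read a host,product,version export into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def string_compare_says_vulnerable(installed: str, fixed: str) -> bool:
    """The WRONG way: plain string comparison. Kept only to show the pitfall."""
    return installed < fixed


def flag_inventory(rows: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one finding per row that matches a rule, with status
    'vulnerable', 'patched' or 'unparseable'. Rows for products without a
    rule are skipped, never reported as safe."""
    findings = []
    for row in rows:
        rule = FIXED_VERSIONS.get(row["product"])
        if rule is None:
            continue
        cve, fixed = rule
        try:
            installed = parse_version(row["version"])
        except ValueError:
            status = "unparseable"
        else:
            status = "vulnerable" if installed < fixed else "patched"
        findings.append({"host": row["host"], "product": row["product"],
                         "version": row["version"], "cve": cve, "status": status})
    return findings


# Constructed sample export; none of these are real hosts or real measurements.
SAMPLE_INVENTORY_CSV = """host,product,version
ws-001,Adobe Flash Player,28.0.0.161
ws-002,Adobe Flash Player,27.0.0.187
ws-003,Adobe Flash Player,9.0.0.1
ws-004,Adobe Flash Player,unknown
ws-005,Microsoft Office 2016,16.0
"""

if __name__ == "__main__":
    for f in flag_inventory(load_inventory(SAMPLE_INVENTORY_CSV)):
        print(f"{f['host']:8} {f['product']:20} {f['version']:12} {f['cve']} {f['status']}")
```

Running the module prints one line per finding. Two design points matter for a real report: a product without a rule is skipped rather than marked patched, so the output never says "safe" about something that was not actually checked, and an unparseable version is surfaced as its own status instead of being dropped. The rule table is where the fixed build numbers for the other entries on this list would go once taken from the vendor advisories.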
At Lansweeper, cybersecurity is one of our cornerstone use cases. Why? The first step in protecting anything is knowing that the asset exists. It sounds simple, but a solid cybersecurity program requires reliable inventory and discovery as its foundation.
Lansweeper ships with more than 450 built-in network reports, but a newly disclosed vulnerability usually requires a custom report to assess whether you are exposed and need to update. We regularly create custom hardware and software reports to address known issues.
If you haven't already, start your free trial of Lansweeper to run this report. Subscribe via the form below if you want to receive other vulnerability reports for free.