Microsoft Windows and Office vulnerabilities most targeted for exploits: report

By on
Microsoft Windows and Office vulnerabilities most targeted for exploits: report

Adobe's Flash Player may gain a lot of negative headlines, but when it comes to the most frequented targeted software, Microsoft Office and Windows beat out the much maligned Adobe software.

A new report from Alienvault, the first in a series of three, based on numbers from the company's Open Threat Exchange (OTX) platform found that once in the wild, exploits quickly move between criminal groups and nation states and the most effective remain popular for years after their initial discovery and being patched.

Alienvault reported that the big winner for 2017, CVE-2017-0199, was the number one ranked exploit having been used by attackers in North Korea (FreeMilk), China (Winnti) and Iran (Oilrig). Criminals also found CVE-2017-0199 useful using it to deploy the Dridex banking Trojan. The vulnerability exists in the way Microsoft Office and WordPad parse specially crafted files allowing remote code execution if left unpatched.

When it comes to durability CVE-2012-0158, third on the 2017 Alienvault top 10 list, remains in heavy demand. Microsoft issued an update for this critical flaw in April 2012 that could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability.

The lone Adobe Flash Player issue, CVE-2016-4117, landed fourth on the list, despite the fact that the vulnerability, which was a zero day, was reported by Fireye in May 2016 and a patch was issued four days later.

The only non-Windows bug listed was another oldie but goodie, CVE-2013-6282 for Android/Linux.

The next OTX blog in the series will talk about the malware of concern and trends.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

How's business been for you this year?
Business is up
Steady, nothing to report
Business has been down
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?