You patched yet? Years-old Microsoft security holes still hot targets for cyber-crooks

Trending 2 weeks ago
  1. Home
  2. Security
  3. You patched yet? Years-old Microsoft security holes still hot targets for cyber-crooks

It's mostly accepted that information flaws successful Microsoft's products are a apical magnet for crooks and fraudsters: its sprawling empire of hardware and package is simply a target-rich ecosystem successful that location is simply a wide scope of bugs to exploit, and a immense number of susceptible organizations and users.

And truthful we tin judge it erstwhile Qualys yesterday said 15 of nan 20 most-exploited package vulnerabilities it has observed are successful Microsoft's code.

These are nan vulnerabilities abused by miscreants to infect victims' systems pinch ransomware, change aliases bargain data, and remotely dispersed malware aliases takeover devices. Qualys's method for ranking these information holes took into relationship respective factors, we're told, including nan number of attackers known to utilization nan vulnerability. 

Notably, older vulnerabilities were fixed little weight though that doesn't look to person helped Microsoft's case. The No. 1 flaw connected nan database was patched successful November 2017, a codification execution spread successful Microsoft Office's Equation Editor we'd person hoped had been mostly mitigated by now. Finally, much mature utilization codification and inclusion successful nan US government's CISA database of top-exploited vulnerabilities will besides boost a bug's rank connected Qualys' index. Thus, beryllium alert this database isn't conscionable sorted by complaint of exploitation; location are different points Qualys has considered.

Above all, it shows that Microsoft remains an charismatic target for criminals and snoops, acknowledgment to nan decades-old IT giant's extended personification base.

"Ultimately, this boils down to return connected finance from an attacker's perspective," Mehul Revankar, a merchandise guidance veep astatine Qualys, told The Register. "Attackers are much apt to attraction connected Microsoft-based applications owed to nan larger number of susceptible systems, expanding their chances of successfully exploiting and infiltrating organizations."

Microsoft declined to comment.

In summation to nan Windows maker, different vendors connected nan apical 20 database see Oracle pinch 3 heavy exploited bugs, and Linux, Jira Atlassian, Apache, Citrix, Ivanti, and Fortinet pinch 1 each.

6-year-old CVE still going strong

The No. 1 vulnerability is simply a six-year aged representation corruption bug successful Microsoft Office, tracked arsenic CVE-2017-11882, has been exploited arsenic precocious arsenic August 31, according to Qualys. 

"If nan personification has administrative rights, nan attacker could summation complete power of nan system, instal programs, change data, aliases create caller personification accounts pinch afloat privileges," wrote Ramesh Ramachandran, Qualys main merchandise head for vulnerability management, discovery and response, successful revealing nan top-20 list. 

"This vulnerability will beryllium exploited if nan personification opens a specially crafted file, perchance sent via email aliases hosted connected a compromised website."

Since it was fixed successful 2017, nan rumor has been exploited by dozens of attackers and gangs, and utilized to deploy 467 malware variants and 14 types of ransomware, we're told. The vulnerability is chiefly abused for espionage purposes and utilized to deploy data-stealing software. CISA included nan bug successful its Additional Routinely Exploited Vulnerabilities successful 2022 list, and it topped nan US-CERT's database of most-exploited flaws backmost successful 2020. 

Last summer, Kaspersky researchers attributed attacks that abused this bug to Chinese cybercrime pack TA428. The cyberspies exploited CVE-2017-11882 to discuss much than a twelve organizations successful respective Eastern European countries, including Belarus, Russia, and Ukraine, and Afghanistan, installing backdoors and past stealing confidential information from subject and business groups.

  • Malware loader lowdown: The large 3 responsible for 80% of attacks truthful acold this year
  • Apple opens yearly applications for free hackable iPhones
  • Barracuda gateway attacks: How Chinese snoops support a grip connected victims' networks
  • More Okta customers trapped successful Scattered Spider's web

The No. 2 flaw, CVE-2017-0199, was besides fixed backmost successful 2017. It's a distant codification execution vulnerability that affects circumstantial Microsoft Office and WordPad versions erstwhile they parse specially crafted files. 

To utilization CVE-2017-0199, an attacker would person to instrumentality a personification into opening aliases previewing a malicious record — usually sent via a phishing email. And, again, it's worthy noting that Redmond addressed nan rumor by, according to nan package titan, "correcting nan measurement that Microsoft Office and WordPad parses specially crafted files, and by enabling API functionality successful Windows that Microsoft Office and WordPad will leverage to resoluteness nan identified issue."

Over nan years, it was exploited by 93 strains of malware, 53 attackers, and 5 ransomware families, according to Qualys, which adds that this vulnerability was "trending successful nan chaotic arsenic precocious arsenic September 4."

Back to 2012

If nan first 2 years-old information holes weren't bad enough, nan 3rd flaw connected Qualys' database is simply a distant codification execution vulnerability successful Windows Common Controls that dates backmost to 2012. It's tracked arsenic CVE-2012-0158.

An attacker would request to person a personification to sojourn a malicious website laced pinch codification designed to utilization nan vulnerability. Assuming a crook had occurrence doing that — and, according to Qualys, 45 different attackers did — they could summation nan aforesaid privileges arsenic nan logged-on user.

"If nan personification has administrative privileges, this could mean full power of nan affected system," Ramachandran wrote. "This vulnerability has been notably exploited successful various cyber-attacks, enabling attackers to instal programs, manipulate data, aliases create caller accounts pinch afloat personification rights."

The No. 4 classed vulnerability is yet different RCE bug successful Microsoft Office and WordPad tracked arsenic CVE-2017-8570. It requires an attacker to instrumentality a personification into opening a malicious file, and tin beryllium abused to download and tally malware connected victims' computers.

The afloat database of each 20 vulnerabilities tin beryllium recovered here. And successful closing: please, people, update your package and instal patches successful a timely manner. Let's not support making it immoderate easier for criminals. ®

Related Article

Save the Children feared hit by ransomware, 7TB stolen

Save the Children feared hit by ransomware, 7TB stolen

1 week ago
MGM Resorts shuts down website, computer systems after 'cybersecurity incident'

MGM Resorts shuts down website, computer systems after 'cybersecurity incident'

1 week ago
Huge DDoS attack against US financial institution thwarted

Huge DDoS attack against US financial institution thwarted

1 week ago
Malice in the mail

Malice in the mail

1 week ago
Google warns infoseccers: Beware of North Korean spies sliding into your DMs

Google warns infoseccers: Beware of North Korean spies sliding into your DMs

1 week ago
Safe delivery

Safe delivery

1 week ago

Trending

1. Alex Murdaugh
2. Trevon Diggs
3. WWE releases
4. Joe Jonas
5. Angus Cloud
6. Stock market
7. Brandon Aiyuk
8. Splunk
9. Rupert Murdoch
10. Europa League

Popular Article

OpenAI boss Sam Altman receives Indonesia's first golden visa

OpenAI boss Sam Altman receives Indonesia's first golden visa

1 week ago
Morgan Stanley values Tesla's super-hyped supercomputer at up to $500B

Morgan Stanley values Tesla's super-hyped supercomputer at up to $500B

1 week ago
3 sci-fi movies on Prime Video you need to watch in September

3 sci-fi movies on Prime Video you need to watch in September

1 week ago
Square: Last week’s outage was caused by DNS issue, not a cyberattack

Square: Last week’s outage was caused by DNS issue, not a cyberattack

1 week ago
Iranian hackers backdoor 34 orgs with new Sponsor malware

Iranian hackers backdoor 34 orgs with new Sponsor malware

1 week ago
Billions of 'custobots' are coming online. Marketers may need to learn SEO for AI

Billions of 'custobots' are coming online. Marketers may need to learn SEO for AI

1 week ago
English (US) English (US) · Indonesian (ID) Indonesian (ID) ·
About Us · Contact Us · Terms & Conditions · Disclaimer ·

©2023 PAK MEDIA BLOG.
All Rights Reserved.