Microsoft products targeted by most widely-used exploits in 2019

Eight of the top ten exploitable flaws targeted Microsoft software, in addition to two Adobe Flash Player vulnerabilities

Eight of the top ten most commonly exploited vulnerabilities used by cyber criminals last year comprised software developed by Microsoft, namely the Microsoft Office suite, WinRAR and Internet Explorer. 

Microsoft products were the most-targeted exploits by the criminal underworld in 2019 through phishing, exploit kits or remote access trojans (RATs), with two flaws in Adobe’s Flash Player making up the full complement. 

Staggeringly, six of the vulnerabilities, all impacting Microsoft, were repeats from 2018’s list of most-exploited flaws, according to a report by Recorded Future.

Four of the ten flaws alone affected Internet Explorer, suggesting that the legacy internet browser is still widely-deployed among organisations, with the remaining vulnerabilities comprising three for Office and one for WinRAR.

“Despite experiencing a drop in browser usage, Internet Explorer is still running in many enterprise environments, making it a top target for threat actors,” the report said. “Only two Adobe Flash vulnerabilities made the top 10, likely due to a combination of better patching and Flash Player’s impending demise in 2020.”

“Many vulnerability and patch management teams face the challenge of keeping up with countless product patch updates without having visibility into which vulnerabilities are actively exploited by cybercriminals.”

Despite there being more than 12,000 vulnerabilities with a CVE rating in 2019, this is fewer than in the 2018 calendar year, when there were 16,000 reported vulnerabilities. More than 1,000 of the 12,000 vulnerabilities recorded last year were prescribed a CVSS score of nine or higher, deeming them ‘critical’.

Moreover, the number of new exploit kits continued to decrease in 2019 versus the previous year, dropping from five to four. This trend was also true for RATs, with 23 new Trojans developed last year versus 37 in 2018.

Many of the top-ten exploited vulnerabilities for 2019 were flaws that were identified a number of years ago, including 9.3 CVSS-rated Office flaw CVE-2017-11882, and the 9.3 CVSS-rated Office flaw CVE-2012-0158.

Notably, the flaw CVE-2017-0199, which was also an Office flaw rated 9.3 in severity, was highlighted as one of the most exploited vulnerabilities for the past three consecutive years. This was targeted by several strains malware ranging from njRAT, to Pony, to QuasarRAT.

Two prominent vulnerabilities from 2019, namely EternalBlue and EternalRomance, were not included in the top ten due to adoption by nation-state hackers as opposed to run-of-the-mill cyber criminals.

Related Resource

Report: The State of Software Security

This annual report explores important trends in software security

Download now

Despite the prominence of Microsoft software targeted last year, the most widely-exploited was an Adobe Flash bug, dubbed CVE-2018-15982, which is a use-after-free vulnerability, meaning that memory can be accessed after it has been freed.

The researchers behind the report have taken this opportunity to urge organisations to prioritise patching Microsoft products in their respective technology stacks, over unpatched systems by other vendors.

Flash Player, meanwhile, should be automatically disabled on employees’ browser settings, with sites increasingly removing this technology ahead of Adobe dropping support for the video player on 31 December 2020.

With the average vulnerability staying alive for seven years, the researchers added, it’s important that organisations patch older vulnerabilities with just as much urgency as freshly exploited flaws.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Most Popular

School laptops sent by government arrive loaded with malware

School laptops sent by government arrive loaded with malware

21 Jan 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021