With all the recent attention paid to zero-day attacks, there’s a tendency to overlook the ongoing exploit of known vulnerabilities that simply haven’t been patched. Vulnerability management is a critical component of any cybersecurity program. In concept, it seems simple: scan your system for vulnerabilities, then apply patches. In practice, it’s anything but. Legacy systems, proprietary software, incomplete asset inventories, IoT devices and sprawling supply chains all impede timely identification and remediation. However, unpatched vulnerabilities are like an unlocked door. You might be fine for a while, but it’s likely only a matter of time before a hacker comes along and jiggles the handle.
There are several vulnerabilities that are currently trending among cybercriminals, including some with fixes readily available for months or even years. Here’s a few commonly exploited vulnerabilities that you should patch immediately.
Two-Decades-Old Microsoft Office Flaw
A memory corruption vulnerability in Microsoft Office, known as CVE-2017-11882, went unnoticed for 17 years before it was discovered by security researchers in 2017. The vulnerability occurs when the software improperly handles objects in memory, allowing an attacker to run arbitrary code.
CVE-2017-11882 is frequently exploited to this day, often via phishing attacks that trick users into opening a malicious document file. The vulnerability is particularly dangerous if the user has administrative privileges, potentially allowing an attacker full control of the infected system.
Microsoft issued a patch for the flaw in late 2017 that you can get here.
CVE-2022-30190, dubbed “Follina,” is another Microsoft vulnerability often exploited using malicious Office documents to facilitate remote code execution. Reported to Microsoft in April 2022, the vulnerability has been widely exploited, including by state-aligned actors.
Microsoft released a patch to fix Follina in June that’s available here.
The Worst Vulnerability Ever
The notorious Log4Shell vulnerability, tracked as CVE-2021-44228, is one of the most dangerous software vulnerabilities ever. Log4Shell affects multiple versions of the Apache Log4j library and has been exploited by crypto-miners, botnets and malware.
Log4Shell was the most frequently exploited vulnerability last year and, due to the ubiquitous use of the Log4j library, perhaps the most challenging to remediate, overwhelming many security teams. The vulnerability is still being exploited, with the Cyber Safety Review Board warning that, like Covid, it may become endemic.
CISA has provided guidance on identifying and remediating the Log4Shell flaw.
Looking for Help With Vulnerability Management?
The experts at MBL Technologies are well-versed in every major scanning platform. We can help you implement a comprehensive, consistent approach to vulnerability management to ensure you’re not leaving the doors unlocked.