Finding and patching the open vulnerabilities in today’s threat landscape is one of the utmost priorities for security researchers and analysts.
Identifying weaponized high-risk CVEs actively targeted by Threat Actors and ransomware in the vast CVE landscape is crucial.
Researchers at Qualys recently unveiled the top 20 most exploited vulnerabilities and affirmed that hackers are particularly drawn to the products of Microsoft.
Apart from this, among these top 20 most exploited vulnerabilities, some are part of the latest CISA Joint Cybersecurity Advisory (CSA), published on August 3, 2023.
Top 20 Most Exploited Vulnerabilities
Here below, we have mentioned all the top 20 most exploited vulnerabilities:-
Description: Microsoft Office Memory Corruption Vulnerability
Vulnerability Trending Over Years: 2018, 2020, 2021, 2022, 2023 (79 times)
Qualys Vulnerability Detection (QID): 110308
Description: Microsoft Wordpad Remote Code Execution Vulnerability
Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (59 times)
Qualys Vulnerability Detection (QID): 110297
Description: Vulnerability in Windows Common Controls Could Allow RCE
Vulnerability Trending Over Years: 2013, 2020, 2021, 2023 (33 times)
Qualys Vulnerability Detection (QID): 90793
Description: Microsoft Office Remote Code Execution Vulnerability
Vulnerability Trending Over Years: 2018, 2020, 2023 (25 times)
Qualys Vulnerability Detection (QID): 110300
Description: Zerologon – An Unauthenticated Privilege Escalation to Full Domain Privileges
Vulnerability Trending Over Years: 2020, 2021, 2022, 2023 (56 times)
Qualys Vulnerability Detection (QID): 91680
6. CVE-2017-0144, CVE-2017-0145, CVE-2017-0143
Description: Windows SMBv1 Remote Code Execution Vulnerability WannaCry, Petya
Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (50 times)
Qualys Vulnerability Detection (QID): 91361, 91360, 91359, 91345
Description: Java Applet Field Bytecode Verifier Cache Remote Code Execution
Vulnerability Trending Over Years: 2023 (6 times)
Qualys Vulnerability Detection (QID): 120274
8. CVE-2021-34473, CVE-2021-34523, CVE-2021-31207
Description: Microsoft Exchange Server RCE (ProxyShell)
Vulnerability Trending Over Years: 2021, 2022, 2023 (39 times)
Qualys Vulnerability Detection (QID): 50114, 50111, 50112
Description: Pulse Secure Pulse Connect Secure SSL VPN Unauthenticated Path
Vulnerability Trending Over Years: 2019, 2020, 2023 (53 times)
Qualys Vulnerability Detection (QID): 38771
10. CVE-2021-44228
Description: Apache Log4j Remote Code Execution Vulnerability
Vulnerability Trending Over Years: 2021, 2022, 2023 (77 times)
Qualys Vulnerability Detection (QID): 376157, 730297
11. CVE-2014-6271
Description: Shellshock – Linux Bash Vulnerability
Vulnerability Trending Over Years: 2014, 2016, 2017, 2020, 2021, 2022, 2023 (70 times)
Qualys Vulnerability Detection (QID): 122693, 13038, 150134
12. CVE-2018-8174
Description: Windows VBScript Engine Remote Code Execution Vulnerability
Vulnerability Trending Over Years: 2018, 2020, 2023 (30 times)
Qualys Vulnerability Detection (QID): 91447
13. CVE-2013-0074
Description: Microsoft Silverlight Could Allow Remote Code Execution
Vulnerability Trending Over Years: 2023 (8 times)
Qualys Vulnerability Detection (QID): 90870
14. CVE-2012-0507
Description: Oracle Java SE Remote Java Runtime Environment Vulnerability
Vulnerability Trending Over Years: 2023 (10 times)
Qualys Vulnerability Detection (QID): 119956
15. CVE-2019-19781
Description: Citrix ADC and Citrix Gateway – Remote Code Execution (RCE) Vulnerability
Vulnerability Trending Over Years: 2020, 2022, 2023 (60 times)
Qualys Vulnerability Detection (QID): 372305, 150273
16. CVE-2018-0802
Description: Microsoft Office Memory Corruption Vulnerability
Vulnerability Trending Over Years: 2021, 2022, 2023 (19 times)
Qualys Vulnerability Detection (QID): 110310
17. CVE-2021-26855
Description: Microsoft Exchange Server Authentication Bypass (RCE)
Vulnerability Trending Over Years: 2021, 2023 (46 times)
Qualys Vulnerability Detection (QID): 50107, 50108
18. CVE-2019-2725
Description: Oracle WebLogic Affected by Unauthenticated RCE Vulnerability
Vulnerability Trending Over Years: 2019, 2020, 2022, 2023 (53 times)
Qualys Vulnerability Detection (QID): 150267, 87386
19. CVE-2018-13379
Description: Fortinet FortiGate (FortiOS) System File Leak through Secure Sockets Layer (SSL)
Vulnerability Trending Over Years: 2020, 2021, 2023 (41 times)
Qualys Vulnerability Detection (QID): 43702
20. CVE-2021-26084
Description: Atlassian Confluence Server Webwork OGNL Injection RCE Vulnerability
Vulnerability Trending Over Years: 2021, 2022, 2023 (35 times)
Qualys Vulnerability Detection (QID): 730172, 150368, 375839
Recommendation
Security analysts at Qualys urged users to immediately identify the vulnerable assets to these top most exploited CVEs, then prioritize remediation and use Qualys Patch to cut risk fast.
Moreover, make sure to leverage the dynamic Threat Intelligence with Qualys VMDR to streamline high-risk vulnerability prioritization.
Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.
The post Top 20 Most Exploited Vulnerabilities: Microsoft Products Draw Hackers appeared first on Cyber Security News.
Cyber Security News
