New and old Windows vulnerabilities top Alienvault list

[Reefa]

Adobe's Flash Player may gain a lot of negative headlines, but when it comes to the most frequented targeted software Microsoft Office and Windows beat out the much maligned Adobe software.

 

A new report from Alienvault, the first in a series of three, based on numbers from the company's Open Threat Exchange (OTX) platform found that once in the wild exploits quickly move between criminal groups and nation states and the most effective remain popular for years after their initial discovery and being patched.

 

Alienvault reported that the big winner for 2017 CVE-2017-0199 was the number one ranked exploit having been used by attackers in North Korea (FreeMilk), China (Winnti) and Iran (Oilrig). Criminals also found CVE-2017-0199 useful using it to deploy the Dridex banking Trojan. The vulnerability exists in the way Microsoft Office and WordPad parse specially crafted files allowing remote code execution if left unpatched.

 

When it comes to durability CVE-2012-0158, third on the 2017 Alienvault top 10 list, remains in heavy demand. Microsoft issued an update for this critical flaw in April 2012 that could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability.

 

The lone Adobe Flash Player issue, CVE-2016-4117, landed fourth on the list, despite the fact that the vulnerability, which was a zero day, was reported by Fireye in May 2016 and a patch was issued four days later.

 

The only non-Windows bug listed was another oldie but goodie, CVE-2013-6282 for Android/Linux.

 

The next OTX blog in the series will talk about the malware of concern and trends.

 

source