You may often hear cybersecurity professionals harping on about keeping up with updates and patching. There is a reason for this: unpatched vulnerabilities are an unforced error in network security, and they happen far too often.
As many as 60% of organizations admit to being the victim of a cyberattack that could have been prevented had a patch been applied for a known vulnerability. With cyberattacks growing in volume and sophistication every year, you definitely do not need to be helping attackers by leaving vulnerabilities in your system.
A “vulnerability” is typically a flaw in the code used in an operating system, in software, or in the firmware that runs a device. These vulnerabilities are found and exploited by hackers who write their own code to use the flaw in their favor.
Once a flaw is identified, manufacturers and software developers put out updates that include security patches to fix it and stop it from being exploited. However, they can only release the update; it’s up to the customer of their product to install it. Too often, updates are not installed fast enough, or at all.
Vulnerability assessment is an activity that any organization should be doing regularly, especially mission-critical facilities. The more “holes” in your network and endpoints that you can seal up, the better your security stance and the lower your risk of a breach.
Those pesky vulnerabilities are a serious matter, and they’re harder to overcome than you may think. Some of the most common vulnerabilities that hackers are exploiting today were found years ago. Unfortunately, there are still systems out there where the vulnerability has never been identified and the necessary patch has never been applied.
Hackers keep scoring hits on these vulnerabilities because they’re in popular tools from companies like Microsoft, Google, Cisco, Netgear, and others.
Next, we’ll take a look at some of the most common vulnerabilities that the Cybersecurity & Infrastructure Security Agency (CISA) recently added to its known exploited vulnerabilities catalog. You need to be aware of these to ensure they’ve been addressed in your network.
Be Aware of These Commonly Exploited System Vulnerabilities
When vulnerabilities are identified, they are given a code that begins with “CVE” (Common Vulnerabilities and Exposures). This is followed by the year of identification and an identifying number, as in CVE-2019-15271.
The years in the CVE codes below show what we mean when we say some of these commonly exploited vulnerabilities have been around for a few years.
Microsoft: CVE-2013-1331: This flaw in Microsoft Office is due to a buffer overflow vulnerability. It enables a hacker to launch remote attacks.
Microsoft: CVE-2012-0151: Another older, but still commonly exploited flaw is in Microsoft Windows. It’s a problem with the Authenticode Signature Verification function in the OS and allows hackers to execute remote code.
This vulnerability is user-assisted, meaning that a user needs to do something like open a phishing email and download an attachment to introduce the exploit into the system.
Google: CVE-2016-1646 & CVE-2016-5198: These two vulnerabilities are in Google’s Chromium V8 Engine, which runs Chrome. They allow attackers to conduct a denial-of-service attack.
Google: CVE-2018-17463 & CVE-2017-5070: These are two more vulnerabilities in the Chromium V8 Engine. It’s not unusual for vulnerabilities to be used in combination with each other. One allows access and another allows remote code execution. These two vulnerabilities allow hackers to remotely execute code and gain access to company networks.
Adobe: CVE-2009-4324: This is a vulnerability in the popular Adobe Acrobat and Adobe Reader tools. If exploited, it allows a bad actor to use a PDF to infect a system with malware. This is particularly dangerous because most users will open a PDF attachment in an unfamiliar email, thinking that, unlike other file types, it can’t have any malicious code inside.
Netgear: CVE-2017-6862: This is one of the many vulnerabilities found in routers. This buffer overflow vulnerability is present in many Netgear products. It allows a hacker to bypass normal authentication to execute code remotely.
Cisco: CVE-2019-15271: Another router flaw, this one is in the Cisco RV series routers. This vulnerability gives hackers root privileges and allows them to execute code.
“Execute remote code” can sound somewhat innocuous, but it means something much worse than it sounds. Being able to execute code in a system can allow a hacker to take over that system. This can lead to a computer server being taken over for crypto mining, sensitive files being downloaded, backdoors being added for easy entry into your network, and other types of cybersecurity consequences.
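One way to check scan findings against the CVEs listed above, shown as an added example that is not part of the original article or any vendor's tool. The scanner lines, hostnames, and the `KEV_SAMPLE` stand-in list are constructed for illustration; only the CVE IDs and vendor names come from the list above.

```python
import re

# "CVE", a four-digit year, then a sequence number of four or more digits.
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)

# Constructed stand-in for a local known-exploited list: only the CVE IDs
# and vendors named in this article.
KEV_SAMPLE = {
    "CVE-2013-1331": "Microsoft", "CVE-2012-0151": "Microsoft",
    "CVE-2016-1646": "Google", "CVE-2016-5198": "Google",
    "CVE-2018-17463": "Google", "CVE-2017-5070": "Google",
    "CVE-2009-4324": "Adobe", "CVE-2017-6862": "Netgear",
    "CVE-2019-15271": "Cisco",
}

# Constructed scanner export: hostname, then a free-text finding.
# CVE-2099-0001 is a made-up placeholder; CVE-19-15271 is deliberately malformed.
SCAN_LINES = [
    "ws-014 PDF reader finding cve-2009-4324",
    "rtr-02 router firmware finding CVE-2019-15271, CVE-2017-6862",
    "ws-020 browser finding CVE-2018-17463; CVE-2099-0001; CVE-19-15271",
]


def extract_cves(text):
    """Return well-formed CVE IDs from free text, upper-cased, no duplicates."""
    found = []
    for match in CVE_RE.finditer(text):
        cve = f"CVE-{match.group(1)}-{match.group(2)}"
        if cve not in found:
            found.append(cve)
    return found


def triage(scan_lines, known_exploited, current_year):
    """Return (age_years, cve, vendor, host) for listed findings, oldest first."""
    hits = []
    for line in scan_lines:
        host, _, finding = line.partition(" ")
        for cve in extract_cves(finding):
            if cve in known_exploited:
                year = int(cve.split("-")[1])  # year field of the ID
                hits.append((current_year - year, cve, known_exploited[cve], host))
    return sorted(hits, reverse=True)


if __name__ == "__main__":
    # A fixed year keeps the sample output repeatable.
    for age, cve, vendor, host in triage(SCAN_LINES, KEV_SAMPLE, 2024):
        print(f"{host}: {cve} ({vendor}), ID is {age} years old")
```

Sorting by the year in the ID puts the longest-outstanding patches at the top of the remediation list.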
Get Cyberwiz-Pro to Stay on Top of Vulnerability Assessment & Management
Cyberwiz-Pro by WizNucleus offers comprehensive vulnerability management. Assess multiple CVEs in just a few mouse clicks!