The Biggest Vulnerabilities that Hackers are Feasting on Right Now

Vulnerabilities in Your System that Hackers explore

Software vulnerabilities are an unfortunate part  of working with technology. A developer puts out a software release with  millions of lines of code. Then, hackers look for loopholes that allow them  to breach a system through that code.

The developer issues a patch to fix the  vulnerability. But it’s not long before a new feature update causes more.  It’s like a game of “whack-a-mole” to keep your systems secure.

Keeping up with new vulnerabilities is one of the  top priorities of IT management firms. It’s important to know which software  and operating systems are being attacked.

Without ongoing patch and update management,  company networks are vulnerable. And these attacks are completely avoidable. 82% of U.S.  cyberattacks in Q1 of 2022 were due to exploiting patchable vulnerabilities.  This is a global problem.

What new vulnerabilities are lurking in products  from Microsoft, Google, Adobe, and others? We’ll go through several. These  were recently noted in a warning by the  Cybersecurity and Infrastructure Security Agency (CISA).

Make Sure  to Patch Any of These Vulnerabilities in Your System

Microsoft  Vulnerabilities

Microsoft vulnerabilities include those in three  of its products. Internet Explorer (IE) is one of them. Microsoft  discontinued IE in June of 2022. You should remove this from any computers  that still have it installed.

You’ll see the acronym “CVE” used in the  vulnerability names. This is an industry-standard naming structure. It stands  for Common Vulnerabilities and Exposures.

Here is a rundown of these vulnerabilities and  what a hacker can do:

CVE-2012-4969: This Internet Explorer vulnerability allows the remote execution of  code. This is a “critical” vulnerability because of the damage it enables.  Hackers can release this via a website. Thus, formerly safe sites can become  phishing sites when hackers exploit this loophole.

CVE-2013-1331: This is a flaw in the  code for Microsoft Office 2003 and Office 2011 for Mac. It enables hackers to  launch remote attacks. It exploits a vulnerability in Microsoft’s buffer  overflow function. This allows hackers to execute dangerous code remotely.

CVE-2012-0151: This issue impacts the  Authenticode Signature Verification function of Windows. It allows  user-assisted attackers to execute remote code on a system. “User-assisted”  means that they need the user to assist in the attack. Such as by opening a  malicious file attachment in a phishing email.  

Google  Vulnerabilities

Google Chrome and applications built using  Google’s Chromium V8 Engine are also on the list. These applications are  targets of the following vulnerabilities.

CVE-2016-1646 & CVE-2016-518:  These both allow attackers to conduct denial of service attacks. They do this  against websites through remote control. This means they can flood a site  with so much traffic that it crashes.

  Those aren’t the only  two code flaws that allow hackers to crash sites this way. Two others, CVE-2018-17463 and CVE-2017-5070 both  do the same thing. And like all these others, have patches already issued  that users can install to fix these holes.

Adobe  Vulnerabilities

People use Adobe Acrobat Reader widely to share  documents. It makes it easy to share them across different platforms and  operating systems. But it’s also a tool that’s on this list of popular  vulnerabilities.  

CVE-2009-4324: This is a flaw in  Acrobat Reader that allows hackers to execute remote code via a PDF file.  This is why you can’t trust that a PDF attachment is going to be safer than  other file types. Remember this when receiving unfamiliar emails.

CVE-2010-1297: This memory corruption  vulnerability. It allows remote execution and denial of service attacks  through Adobe Flash Player. Like IE, the developer retired Flash Player. It  no longer receives support or security updates. You should uninstall this  from all PCs and websites.

Netgear  Vulnerability

Netgear is a popular brand of wireless router.  The company also sells other internet-connected devices. These are also  vulnerable, due to the following flaws.  

CVE-2017-6862: This flaw allows a  hacker to execute code remotely. It also enables bypassing any needed  password authentication. It's present in many different Netgear products.

Cisco  Vulnerability

CVE-2019-15271: This is a vulnerability  in the buffer overflow process of Cisco RV series routers. It gives a hacker  “root” privileges. This means they can basically do anything with your device  and execute any code they like.

Patch  & Update Regularly!

These are a few of the security vulnerabilities  listed on the CISA list. You can see all 36 that were added here.

How do you keep your network safe from these and  other vulnerabilities?  You should  patch and update regularly. Work with a trusted IT professional to manage  your device and software updates. This ensures you don’t have a breach  waiting to happen lurking in your network.



Automate  Your Cybersecurity Today

Patch and update management is just one way that  we can automate your cybersecurity. Learn how else we can help by scheduling  a consultation today.


Article used with permission from The Technology Press.