Most Common Exploits of 2017 in Microsoft Office, Windows

  /     /     /  
Publicated : 22/11/2024   Category : security


Most Common Exploits of 2017 in Microsoft Office, Windows


The most common exploit affects Microsoft Office and has been used by attackers in North Korea, China, and Iran.



The most popular exploits in 2017 targeted Microsoft Office and Windows, report researchers at AlienVault, who say the most common flaws remain exploited for a long period of time.
Each year, the company records anonymized security events from customers and from other vendors threat reports recorded via its Open Threat Exchange (OTX) platform. It combines findings from the two datasets into a single picture of the years threat landscape.
There is significant difference between the most common exploits reported by vendor reports on OTX, and from AlienVaults customers. The dataset of 80 vendor reports indicates four of the top 10 exploits from 2017 target Microsoft Windows and three affect Office. There is one vulnerability each for Adobe Flash, Microsoft .NET, and Android/Linux on the list.
The top-ranked exploit, CVE-2017-0199, is an Office exploit that has been used by targeted attackers in North Korea, China, and Iran, as well as by criminal groups deploying Dridex. CVE-2012-0158, the third most-referenced vulnerability, affects Microsoft Windows.
AlienVault threat engineer Chris Doman
reports
Microsoft has exceptionally mature processes to prevent exploits. However, because its software is so widely used, exploits that slip through the cracks are used heavily once they are discovered.
In contrast with the vendors threat reports, the AlienVault customer dataset is very large and contains billions of security events. Many of the most common exploits reported are fairly old and affect Windows 2000, Miniupnp, SNMP, OpenSSL Poodle, and PHP. There is one Microsoft Office vulnerability (CVE-2011-1277) and an Apache Struts vulnerability on the list.
Doman notes the data is biased toward noisy network-based exploit attempts from worms and exploit scanners, which is why the company is still collecting vulnerabilities from 2001 and 2002. It advises consulting the dataset on vendor reports when planning defense tactics.
Other key findings include the discovery that most effective exploits are quickly adopted by criminal and nation-state groups. NjRat malware variants were most common persisting on networks. On a geographical level, they noticed an increase of attackers located in Russia and North Korea, and a significant drop in activity coming from threat actors based in China.

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Most Common Exploits of 2017 in Microsoft Office, Windows