Most Q2 Attacks Targeted Old Microsoft Vulnerabilities

  /     /     /  
Publicated : 23/11/2024   Category : security


Most Q2 Attacks Targeted Old Microsoft Vulnerabilities


The most heavily targeted flaw last quarter was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago.



Attacks targeting a remote code execution vulnerability in Microsofts MSHTML browser engine — which was patched last September — soared during the second quarter of this year, according to a Kaspersky analysis.
Researchers from Kaspersky counted at least 4,886 attacks targeting the flaw (
CVE-2021-40444
) last quarter, an eightfold increase over the first quarter of 2022. The security vendor attributed the continued adversary interest in the vulnerability to the ease with which it can be exploited.
Kaspersky said it has observed threat actors exploiting the flaw in attacks on organizations across multiple sectors including the energy and industrial sectors, research and development, IT companies, and financial and medical technology firms. In many of these attacks, the adversaries have used social engineering tricks to try and get victims to open specially crafted Office documents that would then download and execute a malicious script. The flaw was under active attack at the time
Microsoft first disclosed it in September 2021
.
The attacks targeting the MSHTML flaw were part of a broader set of exploit activity last quarter that overwhelmingly targeted Microsoft vulnerabilities. According to Kaspersky,
exploits for Windows vulnerabilities accounted for 82%
of all exploits across all platforms during the second quarter of 2022. While attacks on the MSHTML vulnerability increased the most dramatically, it was by no means the most exploited flaw.
Kasperskys telemetry showed far more attacks on a handful of other vulnerabilities from 2018 and 2017. One of them was
CVE-2018-0802
, a remote code execution (RCE) vulnerability in Microsoft Office that was attacked some 345,827 times last quarter. Another similar memory corruption flaw from 2017 (
CVE-2017-11882
) was targeted in 140,623 attacks while a Microsoft Office/WordPad remote code execution flaw also from 2017 (
CVE-2017-0199
) was involved in 60,132 attacks.
The so-called Follina vulnerability in Microsoft Support Diagnostic Tool (MSDT) (
CVE-2022-30190
) was among the most targeted of recent vulnerabilities. The RCE flaw was one of at least
five zero-day flaws
that Microsoft has disclosed this year.
In total, Kaspersky found vulnerabilities in older versions of Microsoft Office being used in attacks against more than half a million users in second quarter. The attacks are another reminder of how unpatched vulnerabilities in older technologies remain a popular and highly attractive target for threat actors, the security vendor noted. Old versions of applications remain the main targets for attackers, with almost 547,000 users in total being affected through corresponding vulnerabilities in the last quarter, Kaspersky said.
Kasperskys report is another reminder of why security experts advocate quick patching of Microsoft vulnerabilities. Recent data has shown attackers have gotten much faster at exploiting flaws than before. A study that Rapid7 conducted last year showed that the
mean time to known exploitation
for vulnerabilities in 2021 was just 12 days — a 71% decrease from 42 days in 2020. The company explained the numbers as being driven by a sharp rise in zero-day exploit activity. A drastic reduction in time to exploitation year over year means that not only are well-worn emergency patching procedures necessary, incident response protocols are likely to require repeated use as well, Rapid7 noted at the time.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Most Q2 Attacks Targeted Old Microsoft Vulnerabilities