Unpatched systems are still a major attack vector for hackers. These unpatched systems can invite major troubles for an organization. The issue can turn worse when the organization falls victim to a data breach and compromises confidential data.
Time and time again it was found that the same vulnerabilities kept being the top vector for exploitation via phishing attacks which the payload targeted specific flaws in the Microsoft product line.
Some flaws that have been actively used to launch attacks are:
- CVE-2016-0189 – Memory corruption flaw in Microsoft’s Internet Explorer
- CVE-2017-8570 – Remote code execution flaw in Microsoft Office
- CVE-2017-0143 – Affects SMBv1 protocol
- CVE – 2018-11776 -Remote code execution Apache Struts
- CVE-2017-11882 – Remote code execution Microsoft Office
- CVE-2009-3129 – Remote code execution in Microsoft Excel/Word
- CVE-2017-11774 – Security Feature Bypass vulnerability in Microsoft Outlook
It is no surprise that Unpatched Systems Are Still A Major Attack Vector that is being leveraged for cyber attacks. With the growing number of threats taking advantage of well-known and old vulnerabilities, it is imperative that organizations patch out of date systems to protect their data, systems and critical infrastructure against hackers.