Software vulnerabilities are an unfortunate part of working with computers. A developer works hard to put out a software release with millions of lines of code. Hackers then look for loopholes that allow them to breach that code.
The developer issues a patch to fix the vulnerability, but it is not long before a new feature update causes more issues. In the end it is like a game of “whack-a-mole” with the developers fixing issues as they appear.
Without ongoing patch and update management, company networks are vulnerable. A staggering 82% of U.S. cyberattacks in Q1 of 2022 were due to exploiting patchable vulnerabilities. With similar percentages in other countries.
What new vulnerabilities are out at the moment that hacker are taking advantage of? A full list of current issues is available here. Listed below are several such issues from companies such as Microsoft, Google, Adobe and Netgear.
CVE is an industry-standard naming structure, it stands for Common Vulnerabilities and Exposures.
Microsoft Vulnerabilities
Some current Microsoft vulnerabilities include those in three of its products. Internet Explorer (IE) is one of them. Microsoft discontinued IE back in June of 2022 and you should remove this immediately from any computers that still have it installed.
Here is a rundown of these vulnerabilities and what a hacker can do if they are not patched:
• CVE-2012-4969: This Internet Explorer vulnerability allows the remote execution of code. This is a “critical” vulnerability because of the damage it enables. Hackers can release this via a website and a previously safe site can become phishing sites when hackers exploit this loophole.
• CVE-2013-1331: This is a flaw in Microsoft Office 2003 and Office 2011 for Mac. The vulnerability enables hackers to launch remote attacks on systems via a vulnerability in Microsoft’s buffer overflow function. This allows hackers to execute dangerous code remotely.
• CVE-2012-0151: This issue impacts the Authenticode Signature Verification function within Windows. It allows attackers to execute remote code on a system.
Google Vulnerabilities
Google Chrome browser and applications built using Google’s Chromium V8 Engine are also vulnerable. These applications are open to the following vulnerabilities.
• CVE-2016-1646, CVE-2016-518, CVE-2018-17463 and CVE-2017-5070: All allow attackers to conduct denial of service (DOS) attacks. They do this against websites through remote control which means they can flood a site with so much traffic that it crashes.
Like all the others, patches have already been issued, so ensure you have the pqtest Chrome version installed.
Adobe Vulnerabilities
Adobe Acrobat formatted documents (.pdf files) are widely shared both within businesses and externally. But it’s also an application that is on hackers lists and the following lists some vulnerabilities.
• CVE-2009-4324: Is a flaw in Acrobat Reader and allows hackers to execute remote code via a PDF file. This is why you can not trust that a PDF attachment is going to be safer than other file types – remember this when receiving unfamiliar emails and don’t just automatically open PDF files.
• CVE-2010-1297: This is a memory corruption vulnerability that allows remote execution and denial of service attacks through Adobe Flash Player. Adobe officially retired Flash Player in 2020 and just like Microsoft’s Internet Explorer, it no longer receives support or security updates so should be uninstalled immediately.
Netgear Vulnerability
Software is generally the target of hacker but they can also exploit issues in hardware devices too. For example, Netgear (a manufacturer of network devices) has the following vulnerability:
• CVE-2017-6862: Enables bypassing any needed password authentication and also allows a hacker to execute code remotely. It is present in many different Netgear products. To fix the issue download the latest firmware updates (available from Netgear) for your device.
Make Sure to Patch Any of These Vulnerabilities in Your Systems
The big question though is “How do you keep your network safe from these and other vulnerabilities?”. You should regularly patch and download updates for your hardware and software. Yes it does take some work but if you are time poor think about working with a trusted IT professional to manage this. This ensures you do not have an opening waiting to be exploited in your network.
Pingback: The Biggest Vulnerabilities that Hackers are Feasting on Right Now - TechmindX
Pingback: The Biggest Vulnerabilities that Hackers are Feasting on Right Now – ?? ?? ?? ??