Microsoft Tops Critical Vulnerability Rating

Qualys, a company specializing in cloud security, has published a list of the 20 most exploited vulnerabilities that cybercriminals use to attack various systems. The list is based on analysis of real incidents in which these vulnerabilities were used, as well as on research by the company's own laboratory, the Qualys Threat Research Unit (TRU).

According to Qualys, 15 of the 20 vulnerabilities listed relate to Microsoft products, three to Oracle software, and one to Linux, Jura, Apache, Citrix, Ivanti and Fortinet.

The Qualys top 20 list covers information security events from 2013 to 2021 and includes:

  • CVE-2017-11882: memory corruption in Microsoft Office, which allows code execution when a specially crafted document is opened. It is used by 467 malware programs, 53 threat actors and 14 ransomware programs;
  • CVE-2017-0199: a vulnerability in Microsoft WordPad, which allows code execution when a specially crafted file is opened. It is used by 93 malware programs, 53 threat actors and 5 ransomware programs;
  • CVE-2012-0158: a vulnerability in Windows Common Controls, which allows code execution when a specially crafted web page is opened. It is used by 63 malware programs, 45 threat actors and 2 ransomware programs;
  • CVE-2017-8570: a vulnerability in Microsoft Office, which allows code execution when a specially crafted document is opened. It is used by 52 malware programs and 11 threat actors;
  • CVE-2020-1472: the Zerologon vulnerability in the implementation of the Microsoft Netlogon Remote Protocol, which affects Windows and Samba and allows an attacker to obtain administrator rights on the domain controller. It is used by 18 malware programs, 16 threat actors and 11 ransomware programs;
  • CVE-2017-0144, CVE-2017-0145, CVE-2017-0143: the Windows vulnerabilities associated with WannaCry, which allow code execution by sending a request over the SMBv1 protocol. They are used by 12 malware programs, 10 threat actors and 12 ransomware programs;
  • CVE-2012-1723: a Java bytecode vulnerability, which allows code execution when a page with a specially crafted Java applet is opened. It is used by 91 malware programs, 18 threat actors and 41 ransomware programs;
  • CVE-2021-34473, CVE-2021-34523, CVE-2021-31207: the ProxyShell vulnerabilities in Microsoft Exchange Server, which allow code execution on the server by sending a specially crafted request to the Microsoft Client Access Service (CAS). They are used by 12 malware programs, 20 threat actors and 12 ransomware programs;
  • CVE-2019-11510: a vulnerability in the Pulse Connect Secure VPN, which allows any file, including access keys, to be read from the connection point without authentication. It is used by 13 malware programs, 18 threat actors and 12 ransomware programs.