Cybercriminals are forever on the hunt for the latest software vulnerabilities to exploit. Cybersecurity professionals race to patch them up. But with more than 12,000 common vulnerabilities and exposures (CVEs) reported in 2019, knowing which to focus on can be a daunting prospect.
To help infosec workers prioritise, researchers at cybersecurity firm Recorded Future analysed last year’s top vulnerabilities to create a list of the top ten most commonly exploited software vulnerabilities of 2019.
Eight out of 10 security flaws affected Microsoft, with four of those targeting Windows Explorer. The remaining two target Adobe Flash Player, with one Adobe vulnerability the most exploited of the year.
Meanwhile, six of the vulnerabilities were from 2018, suggesting companies and individuals are not being proactive enough in rolling out fixes.
The good news is that there are patches available for all of the ten most exploited software vulnerabilities of 2019.
Here are the top ten software flaws, in order of most exploited. For more information and advice, the full Recorded Future report can be found here.
Ten most exploited software vulnerabilities of 2019
1) CVE-2018-15982 – Adobe Flash Player
Associated malware: Fallout Exploit Kit, Spelevo Exploit Kit, ThreadKit, GreenFlash Sundown, Lord Exploit Kit, GandCrab, Capesand Exploit Kit, Maze Ransomware.
Common vulnerability scoring system (CVSS): 10/10
2) CVE-2018-8174 – Microsoft Internet Explorer
Associated malware: SLUB, Fallout Exploit Kit, KaiXin Exploit Kit, LCG Kit Exploit Kit, Magnitude Exploit Kit, RIG Exploit Kit, Trickbot, Underminer Exploit Kit, Capesand Exploit Kit, Dridex, IcedID, Buran Ransomware, GandCrab
CVSS: 7.6
3) CVE-2017-11882 – Microsoft Office
Associated malware: Agent Tesla Keylogger, Artemis, Formbook, Nanocore, PowerShower, Loki, Heur, Chanitor, Trillium Security Multisploit Tool, Emotet, Silent Doc Exploit, ThreadKit, VenomKit.
CVSS: 9.3
4) CVE-2018-4878 – Adobe Flash Player
Associated malware: GandCrab, Fallout Exploit Kit, RIG Exploit Kit, Spelevo, Capesand Exploit Kit, GreenFlash Exploit Kit, Hermes Ransomware, Sundown Exploit Kit, Threadkit Exploit Kit.
CVSS: 7.5
5) CVE-2019-0752 – Microsoft Internet Explorer
Associated malware: SLUB, Capesand Exploit Kit.
CVSS: 7.6
6) CVE-2017-0199 – Microsoft Office
Associated malware: njRAT, RevengeRat, Pony, QuasarRAT, REMCOS RAT, SHUTTERSPEED, Silent Doc Exploit Kit, Threadkit Exploit Kit.
CVSS: 9.3
7) CVE-2015-2419 – Microsoft Internet Explorer
Associated malware: Capesand Exploit Kit, Sundown Exploit Kit.
CVSS: 9.3
8) CVE-2018-20250 – Microsoft WinRAR
Associated malware: BalkanRAT
CVSS: 6.8
9) CVE-2017-8750 – Microsoft Internet Explorer
Associated malware: ThreadKit Exploit Kit, QuasarRat
CVSS: 7.6
10) CVE-2012-0158 – Microsoft Office
Associated malware: Silent Doc Exploit
CVSS: 9.3