Unpatched systems are still one of the significant attack vectors to launch cyberattacks

Leaving a vulnerable system unpatched can invite troubles for an organization. The issue can turn worse when the organization suffers a cyberattack that can result in, but not limited to, compromise of confidential data, DDoS attacks or stealing of customers’ details.

According to a report released by Recorded Future, it has been found that the same vulnerabilities kept showing up year-after-year. An interesting aspect of the report was that most of these vulnerabilities were found to be exploited via phishing attacks and exploit kits that specifically target flaws in Microsoft products.

Prevalent old flaws

Some of the old flaws that have been quite actively used to launch attacks are:

  • CVE-2016-0189 - Memory corruption flaw in Microsoft’s Internet Explorer
  • CVE-2017-8570 - Remote code execution flaw in Microsoft Office
  • CVE-2017-0143 - Affects SMBv1 protocol
  • CVE - 2018-11776 -Remote code execution Apache Struts
  • CVE-2017-11882 - Remote code execution Microsoft Office
  • CVE-2009-3129 - Remote code execution in Microsoft Excel/Word
  • CVE-2017-11774 - Security Feature Bypass vulnerability in Microsoft Outlook

It is no surprise that the vulnerabilities above are leveraged in cyberattacks since there are public exploits for all of them. With growing numbers of threats taking advantage of well-known and old vulnerabilities, it is very much necessary for organizations to patch out date systems to protect their data, systems and critical infrastructure against hackers.