Which vulnerabilities were most exploited by cyber-criminals in 2019?
Which ten software vulnerabilities should you patch as soon as possible (if you haven’t already)?
The list comprises two vulnerabilities in Adobe Flash Player, four vulnerabilities affecting Microsoft’s Internet Explorer browser, three MS Office flaws and one WinRAR bug. Most have been flagged and patched in the last few years – as can be seen by their CVE numbers – but one of them dates as far back as 2012.
With all of this in mind, admins are advised to prioritize patching Microsoft products (and all the aforementioned vulnerabilities), automatically disable Flash Player wherever possible, remove affected software if it’s not needed, and install browser ad-blockers to prevent exploitation via advertising.
The top-10 cyber-exploits of 2019
1. CVE-2018-15982 – a use-after-free in Flash’s file package com.adobe.tvsdk.mediacore.metadata that can be exploited to deliver and execute malicious code on a victim’s computer.
2. CVE-2018-8174 – Windows VBScript Engine Remote Code Execution Vulnerability.
3. CVE-2017-11882 – takes advantage of a vulnerability in an older version of the Office Equation Editor, which was manually patched by Microsoft in November 2017. This vulnerability’s malicious payload is detected as Trojan:MSIL/Cretasker.
4. CVE-2018-4878 – Flash Player vulnerability.
5. CVE-2019-0752 – MS Office Scripting Engine Memory Corruption Vulnerability.
6. CVE-2017-0199 – MS Office zero-day vulnerability which delivers the Dridex banking malware.
7. CVE-2015-2419 – MS Internet Explorer (IE) vulnerability.
8. CVE-2018-20250 – WinRAR vulnerability that allows attackers to extract a malicious executable to one of the Windows Startup folders, to be executed every time the system is booted.
9. CVE-2017-8750 – Microsoft Browser Memory Corruption Vulnerability.
10. CVE-2012-0158 – a vulnerability in MSCOMCTL.OCX in Microsoft Office and some other Microsoft products.
Some exploits persisted over the years, some didn’t last that long
See how the top-10 list evolved over the years. Colors denote repeat appearances on the list:
| Rank | 2019 | 2018 | 2017 | 2016 |
|------|------|------|------|------|
| 1 | CVE-2018-15982 | CVE-2018-8174 | CVE-2017-0199 | CVE-2016-0189 |
| 2 | CVE-2018-8174 | CVE-2018-4878 | CVE-2016-0189 | CVE-2016-1019 |
| 3 | CVE-2017-11882 | CVE-2017-11882 | CVE-2017-0022 | CVE-2016-4117 |
| 4 | CVE-2018-4878 | CVE-2017-8750 | CVE-2016-7200 | CVE-2015-8651 |
| 5 | CVE-2019-0752 | CVE-2017-0199 | CVE-2016-7201 | CVE-2016-0034 |
| 6 | CVE-2017-0199 | CVE-2016-0189 | CVE-2015-8651 | CVE-2016-1010 |
| 7 | CVE-2015-2419 | CVE-2017-8570 | CVE-2014-6332 | CVE-2014-4113 |
| 8 | CVE-2018-20250 | CVE-2018-8373 | CVE-2016-4117 | CVE-2015-8446 |
| 9 | CVE-2017-8750 | CVE-2012-0158 | CVE-2016-1019 | CVE-2016-3298 |
| 10 | CVE-2012-0158 | CVE-2015-1805 | CVE-2017-0037 | CVE-2015-7645 |
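The repeat appearances that the original page marked with colors can be recomputed from the four yearly lists above. The following is an added example, not part of the original article; the function names are hypothetical, and it assumes the year in a CVE identifier approximates when the flaw became known.

```python
import re
from collections import defaultdict

# Top-10 lists transcribed from this page, in rank order ("CVE-" prefix added below).
_RAW = {
    2019: "2018-15982 2018-8174 2017-11882 2018-4878 2019-0752 "
          "2017-0199 2015-2419 2018-20250 2017-8750 2012-0158",
    2018: "2018-8174 2018-4878 2017-11882 2017-8750 2017-0199 "
          "2016-0189 2017-8570 2018-8373 2012-0158 2015-1805",
    2017: "2017-0199 2016-0189 2017-0022 2016-7200 2016-7201 "
          "2015-8651 2014-6332 2016-4117 2016-1019 2017-0037",
    2016: "2016-0189 2016-1019 2016-4117 2015-8651 2016-0034 "
          "2016-1010 2014-4113 2015-8446 2016-3298 2015-7645",
}
TOP10 = {year: ["CVE-" + s for s in raw.split()] for year, raw in _RAW.items()}

def appearances(top10):
    """Map each CVE to {list_year: rank} for every list it appears on."""
    seen = defaultdict(dict)
    for year, cves in top10.items():
        for rank, cve in enumerate(cves, start=1):
            seen[cve][year] = rank
    return dict(seen)

def repeats(top10):
    """CVEs on more than one year's list, most appearances first."""
    multi = {c: y for c, y in appearances(top10).items() if len(y) > 1}
    return sorted(multi.items(), key=lambda kv: (-len(kv[1]), kv[0]))

def carried_over(top10, year):
    """CVEs on `year`'s list that were already on an earlier year's list."""
    earlier = {c for y, cves in top10.items() if y < year for c in cves}
    return [c for c in top10[year] if c in earlier]

def age_at_listing(cve, list_year):
    """Assumption: the year in the CVE ID approximates when the flaw became known."""
    return list_year - int(re.fullmatch(r"CVE-(\d{4})-\d+", cve).group(1))

if __name__ == "__main__":
    for cve, years in repeats(TOP10):
        ranks = ", ".join(f"{y}: #{r}" for y, r in sorted(years.items()))
        print(f"{cve:<15} {ranks}")
    for cve in carried_over(TOP10, 2019):
        print(f"still exploited in 2019: {cve} (age {age_at_listing(cve, 2019)}y)")
```

Entries returned by `carried_over` for the current year are flaws that had a patch available for at least a year and were still being exploited, which makes them a natural first pass for a patch-compliance audit.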