Which vulnerabilities were most exploited by cybercriminals in 2019?
Which ten software vulnerabilities should you patch as soon as possible (if you haven’t already)?
Table of top exploited CVEs between 2016 and 2019 (repeats are noted by color)
Recorded Future researchers have analyzed code repositories, underground forum postings, dark web sites, closed source reports and data sets comprising of submissions to popular malware repositories to compile a list of the ten most exploited vulnerabilities by cybercriminals in 2019.
The list
The list is comprised of two vulnerabilities in Adobe Flash Player, four vulnerabilities affecting Microsoft’s Internet Explorer browser, three MS Office flaws and one WinRAR bug:
- CVE-2018-15982
- CVE-2018-8174
- CVE-2017-11882
- CVE-2018-4878
- CVE-2019-0752
- CVE-2017-0199
- CVE-2015-2419
- CVE-2018-20250
- CVE-2017-8750
- CVE-2012-0158
Most have been flagged and patched in the last few years – as can be seen by their CVE numbers – but one of them dates as far back as 2012.
The researchers put the popularity of Microsoft vulnerabilities (as compared to Flash bugs) down to a combination of better patching and Flash Player’s impending demise in 2020, and noted the importance of patching Microsoft products in a timely manner.
Among other, more recently patched flaws that made the top 20 list are CVE-2019-0841, a privilege escalation vulnerability in the Windows AppX Deployment Service and CVE-2019-3396, a server-side template injection vulnerability in the Atlassian Confluence Server and Data Center Widget Connector that could be used for remote code execution.
With all of this in mind, they advise admins to prioritize the patching of Microsoft products (and all the aforementioned vulnerabilities), automatically disable Flash Player wherever possible, remove affected software if it’s not needed, and install browser ad-blockers to prevent exploitation via malvertising.