Top 20 Most Exploited Vulnerabilities: Microsoft Products Draw Hackers

by Esmeralda McKenzie
Top 20 Most Exploited Vulnerabilities – Hackers are Particularly Drawn to Microsoft’s Products

Discovering and patching open vulnerabilities in today's threat landscape is one of the top priorities for security researchers and analysts.

Identifying the weaponized, high-risk CVEs that threat actors and ransomware actively target within the vast CVE landscape is essential.

Researchers at Qualys recently unveiled the top 20 most exploited vulnerabilities and affirmed that hackers are particularly drawn to Microsoft's products.

In addition, some of these top 20 most exploited vulnerabilities are part of the latest CISA Joint Cybersecurity Advisory (CSA), published on August 3, 2023.

Top 20 Most Exploited Vulnerabilities

Below, we have listed the top 20 most exploited vulnerabilities:

1. CVE-2017-11882

  • Description: Microsoft Office Memory Corruption Vulnerability
  • Vulnerability Trending Over Years: 2018, 2020, 2021, 2022, 2023 (79 times)
  • Qualys Vulnerability Detection (QID): 110308

2. CVE-2017-0199

  • Description: Microsoft Wordpad Remote Code Execution Vulnerability
  • Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (59 times)
  • Qualys Vulnerability Detection (QID): 110297

3. CVE-2012-0158

  • Description: Vulnerability in Windows Common Controls Could Allow RCE
  • Vulnerability Trending Over Years: 2013, 2020, 2021, 2023 (33 times)
  • Qualys Vulnerability Detection (QID): 90793

4. CVE-2017-8570

  • Description: Microsoft Office Remote Code Execution Vulnerability
  • Vulnerability Trending Over Years: 2018, 2020, 2023 (25 times)
  • Qualys Vulnerability Detection (QID): 110300

5. CVE-2020-1472

  • Description: Zerologon – An Unauthenticated Privilege Escalation to Full Domain Privileges
  • Vulnerability Trending Over Years: 2020, 2021, 2022, 2023 (56 times)
  • Qualys Vulnerability Detection (QID): 91680

6. CVE-2017-0144, CVE-2017-0145, CVE-2017-0143

  • Description: Windows SMBv1 Remote Code Execution Vulnerability (WannaCry, Petya)
  • Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (50 times)
  • Qualys Vulnerability Detection (QID): 91361, 91360, 91359, 91345

7. CVE-2012-1723

  • Description: Java Applet Field Bytecode Verifier Cache Remote Code Execution
  • Vulnerability Trending Over Years: 2023 (6 times)
  • Qualys Vulnerability Detection (QID): 120274

8. CVE-2021-34473, CVE-2021-34523, CVE-2021-31207

  • Description: Microsoft Exchange Server RCE (ProxyShell)
  • Vulnerability Trending Over Years: 2021, 2022, 2023 (39 times)
  • Qualys Vulnerability Detection (QID): 50114, 50111, 50112

9. CVE-2019-11510

  • Description: Pulse Secure Pulse Connect Secure SSL VPN Unauthenticated Path
  • Vulnerability Trending Over Years: 2019, 2020, 2023 (53 times)
  • Qualys Vulnerability Detection (QID): 38771

10. CVE-2021-44228

  • Description: Apache Log4j Remote Code Execution Vulnerability
  • Vulnerability Trending Over Years: 2021, 2022, 2023 (77 times)
  • Qualys Vulnerability Detection (QID): 376157, 730297

11. CVE-2014-6271

  • Description: Shellshock – Linux Bash Vulnerability
  • Vulnerability Trending Over Years: 2014, 2016, 2017, 2020, 2021, 2022, 2023 (70 times)
  • Qualys Vulnerability Detection (QID): 122693, 13038, 150134

12. CVE-2018-8174

  • Description: Windows VBScript Engine Remote Code Execution Vulnerability
  • Vulnerability Trending Over Years: 2018, 2020, 2023 (30 times)
  • Qualys Vulnerability Detection (QID): 91447

13. CVE-2013-0074

  • Description: Microsoft Silverlight Could Allow Remote Code Execution
  • Vulnerability Trending Over Years: 2023 (8 times)
  • Qualys Vulnerability Detection (QID): 90870

14. CVE-2012-0507

  • Description: Oracle Java SE Remote Java Runtime Environment Vulnerability
  • Vulnerability Trending Over Years: 2023 (10 times)
  • Qualys Vulnerability Detection (QID): 119956

15. CVE-2019-19781

  • Description: Citrix ADC and Citrix Gateway – Remote Code Execution (RCE) Vulnerability
  • Vulnerability Trending Over Years: 2020, 2022, 2023 (60 times)
  • Qualys Vulnerability Detection (QID): 372305, 150273

16. CVE-2018-0802

  • Description: Microsoft Office Memory Corruption Vulnerability
  • Vulnerability Trending Over Years: 2021, 2022, 2023 (19 times)
  • Qualys Vulnerability Detection (QID): 110310

17. CVE-2021-26855

  • Description: Microsoft Exchange Server Authentication Bypass (RCE)
  • Vulnerability Trending Over Years: 2021, 2023 (46 times)
  • Qualys Vulnerability Detection (QID): 50107, 50108

18. CVE-2019-2725

  • Description: Oracle WebLogic Affected by Unauthenticated RCE Vulnerability
  • Vulnerability Trending Over Years: 2019, 2020, 2022, 2023 (53 times)
  • Qualys Vulnerability Detection (QID): 150267, 87386

19. CVE-2018-13379

  • Description: Fortinet FortiGate (FortiOS) System File Leak via Secure Sockets Layer (SSL)
  • Vulnerability Trending Over Years: 2020, 2021, 2023 (41 times)
  • Qualys Vulnerability Detection (QID): 43702

20. CVE-2021-26084

  • Description: Atlassian Confluence Server Webwork OGNL Injection RCE Vulnerability
  • Vulnerability Trending Over Years: 2021, 2022, 2023 (35 times)
  • Qualys Vulnerability Detection (QID): 730172, 150368, 375839

Advice

Security analysts at Qualys advised users to immediately identify the assets vulnerable to these top exploited CVEs, then prioritize remediation and use Qualys Patch to reduce risk quickly.

Moreover, make sure to leverage the dynamic Threat Intelligence with Qualys VMDR to streamline high-risk vulnerability prioritization.

Source credit : cybersecuritynews.com