SecurityWeek

U.S. Government Issues Alert on Most Exploited Vulnerabilities

Several Microsoft Office vulnerabilities that were patched years ago continue to be among the security flaws most exploited in attacks, the U.S. government warns.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) this week published an alert to provide guidance on some of the vulnerabilities that are most targeted in attacks.

The bugs, the alert underlines, are routinely exploited by foreign cyber actors in attacks targeting both the public and private sectors, and risks associated with them could be mitigated “through an increased effort to patch systems and implement programs to keep system patching up to date.”

Between 2016 and 2019, threat actors mainly attempted to compromise systems through vulnerabilities in Microsoft Office (CVE-2017-11882, CVE-2017-0199, CVE-2012-0158, CVE-2015-1641), Apache Struts (CVE-2017-5638), Microsoft SharePoint (CVE-2019-0604), Microsoft Windows (CVE-2017-0143), Microsoft .NET Framework (CVE-2017-8759), Adobe Flash Player (CVE-2018-4878), and Drupal (CVE-2018-7600).

Attacks attempting to exploit these security issues tried to deploy a broad range of malware families, including Loki, FormBook, Pony/FAREIT, FINSPY, LATENTBOT, Dridex, JexBoss, China Chopper, DOGCALL, FinFisher, WingBird, Toshliph, UWarrior, and Kitty, among others.

The three vulnerabilities that state-sponsored threat actors from China, Iran, North Korea, and Russia abuse most frequently all impact Microsoft Office and were patched long ago: CVE-2017-11882, CVE-2017-0199, and CVE-2012-0158.

“According to U.S. Government technical analysis, malicious cyber actors most often exploited vulnerabilities in Microsoft’s Object Linking and Embedding (OLE) technology. OLE allows documents to contain embedded content from other applications such as spreadsheets. After OLE the second-most-reported vulnerable technology was a widespread Web framework known as Apache Struts,” the alert reads.
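One defensive triage step for the OLE embedding the alert describes, added here as an example and not code from the alert or from SecurityWeek: inventory the OLE objects an OOXML document (docx/xlsx/pptx) carries, distinguishing payloads embedded in the container from objects that point at an external target, so such documents can be routed to sandboxing or blocked at the mail gateway. The sample document and its placeholder link target are constructed inline; legacy binary formats (.doc, .rtf) are not ZIP containers and are out of scope for this check.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Relationship type OOXML parts use to reference an OLE object (embedded or linked).
OLE_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
RELS_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"


def inspect_ooxml(data: bytes) -> dict:
    """Return {"embedded": [part names], "external": [link targets]} for an OOXML file."""
    found = {"embedded": [], "external": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            # Embedded OLE payloads are stored as parts under <root>/embeddings/.
            if "/embeddings/" in name:
                found["embedded"].append(name)
            # Relationship parts declare how the document refers to each OLE object;
            # TargetMode="External" means the object is fetched from outside the file.
            if name.endswith(".rels"):
                root = ET.fromstring(zf.read(name))
                for rel in root.iter(RELS_NS + "Relationship"):
                    if rel.get("Type") == OLE_REL_TYPE and rel.get("TargetMode") == "External":
                        found["external"].append(rel.get("Target", ""))
    return found


def verdict(found: dict) -> str:
    """Triage label: externally linked OLE objects warrant the closest look."""
    if found["external"]:
        return "review: externally linked OLE object"
    if found["embedded"]:
        return "review: embedded OLE object"
    return "no OLE content"


def build_sample_docx(external_target: str = "", with_embedding: bool = False) -> bytes:
    """Construct a minimal docx-like ZIP in memory (constructed sample, not a real document)."""
    rels = ['<?xml version="1.0" encoding="UTF-8"?>',
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">']
    if external_target:
        rels.append(f'<Relationship Id="rId9" Type="{OLE_REL_TYPE}" '
                    f'Target="{external_target}" TargetMode="External"/>')
    rels.append("</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", "\n".join(rels))
        if with_embedding:
            zf.writestr("word/embeddings/oleObject1.bin", b"\x00" * 16)  # dummy payload bytes
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx("http://example.invalid/placeholder", with_embedding=True)
    print(verdict(inspect_ooxml(sample)))
```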

In 2015, the U.S. government assessed that CVE-2012-0158 was the vulnerability most used in Chinese threat actors’ cyber operations, and it continues to be widely used by these hackers.

“This trend suggests that organizations have not yet widely implemented patches for this vulnerability and that Chinese state cyber actors may continue to incorporate dated flaws into their operational tradecraft as long as they remain effective,” the U.S. government says.

In 2020, in addition to the aforementioned vulnerabilities, threat actors began widely exploiting virtual private network flaws (CVE-2019-19781 and CVE-2019-11510), Microsoft Office 365 misconfigurations, and cybersecurity weaknesses such as poor employee training on social engineering and the lack of system recovery and contingency plans.

Related: Patching Pulse Secure VPN Not Enough to Keep Attackers Out, CISA Warns

Related: DHS Reiterates Recommendations on Securing Office 365

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
