Unpatched systems are still one of the significant attack vectors to launch cyberattacks

• The issue can turn worse when the organization can be compromised to steal confidential data or launch DDoS attacks.
• Most of these vulnerabilities are found to be exploited via phishing attacks and exploit kits that specifically target flaws in Microsoft products.

Leaving a vulnerable system unpatched can invite troubles for an organization. The issue can turn worse when the organization suffers a cyberattack that can result in, but not limited to, compromise of confidential data, DDoS attacks or stealing of customers’ details.

According to a report released by Recorded Future, it has been found that the same vulnerabilities kept showing up year-after-year. An interesting aspect of the report was that most of these vulnerabilities were found to be exploited via phishing attacks and exploit kits that specifically target flaws in Microsoft products.

Prevalent old flaws

Some of the old flaws that have been quite actively used to launch attacks are:

CVE-2016-0189 - Memory corruption flaw in Microsoft’s Internet Explorer

CVE-2017-8570 - Remote code execution flaw in Microsoft Office

CVE-2017-0143 - Affects SMBv1 protocol

CVE - 2018-11776 -Remote code execution Apache Struts

CVE-2017-11882 - Remote code execution Microsoft Office

CVE-2009-3129 - Remote code execution in Microsoft Excel/Word

CVE-2017-11774 - Security Feature Bypass vulnerability in Microsoft Outlook

Bottom line

It is no surprise that the vulnerabilities above are leveraged in cyberattacks since there are public exploits for all of them. With growing numbers of threats taking advantage of well-known and old vulnerabilities, it is very much necessary for organizations to patch out date systems to protect their data, systems and critical infrastructure against hackers.