Software vulnerabilities are a regrettable aspect of using technology. A programmer releases a software containing millions of lines of code. Then, hackers scan for vulnerabilities in the coding that will allow them to breach a system. Here are the top vulnerabilities that hackers are exploiting right now.
Developers regularly find vulnerabilities to patch and fix. However, it doesn’t take long for another feature updates causes more issues. Keeping your systems secure can feel like a game of “whack-a-mole.”
Keeping up to date with new vulnerabilities is a primary priority for IT management companies. It is essential to understand which software and operating systems are under attack.
It should be obvious that without continuous monitoring of patches and updates, the company network is vulnerable.
So, what new vulnerabilities are lurking in Microsoft, Google, Adobe, and other products? We’ll go over the top vulnerabilities that hackers are exploiting. These vulnerabilities are also documented in a Cybersecurity and Infrastructure Security Agency (CISA) advisory.
Make Sure you Patch Any of These System Vulnerabilities
There are vulnerabilities in three of Microsoft’s products. Internet Explorer (IE) is one of these apps. Microsoft ended support for IE in June 2022. You should uninstall this from all devices where it is still installed.
The names of vulnerabilities will have the acronym “CVE.” This is the standard naming structure for the industry. Common Vulnerabilities and Exposures is its acronym.
Here is a summary of these vulnerabilities and the damage they can cause:
- CVE-2012-4969: This Internet Explorer vulnerability permits remote code execution. This vulnerability is “critical” due to the damage it enables. Hackers can release this through a website. Thus, formerly secure websites can become phishing sites if hackers exploit this flaw.
- CVE-2013-1331: This flaw in the code comes from Microsoft Office 2003 and Office 2011 for Mac. It allows remote attacks from hackers. It exploits a vulnerability in the buffer overflow feature of Microsoft. Where hackers are able to remotely execute malicious programs.
- CVE-2012-0151: This vulnerability affects the Windows Authenticode Signature Verification mechanism. It enables user-assisted remote code execution on a system. “User-assisted” indicates that the attack requires user participation. For example, by downloading a malware attachment from a phishing email.
On the list are also Google Chrome and applications made utilizing Google’s Chromium V8 Engine. These applications are vulnerable to the following flaws.
- CVE-2016-1646 & CVE-2016-518: Both vulnerabilities allow hackers to launch denial of service attacks. They do these actions against websites remotely. This implies that they can flood a website with so much traffic that is crashes.
- These are not the only two flaws in the coding that allow hackers to crash websites. CVE-2018-17463 and CVE-2017-5070 are two similar vulnerabilities. And, like the others, users can install fixes to patch these weaknesses.
Adobe Acrobat Reader is commonly used to transfer documents. It facilitates their sharing across many platforms and operating systems. However, it is also in this list of common vulnerabilities.
- CVE-2009-4324: is a bug in Adobe Acrobat Reader that permits remote code execution through a PDF file. Because of this, you cannot assume that a PDF attachment will be safer than other file types. Remember this while getting emails from unknown senders.
- CVE-2010-1297: This is a memory corruption flaw. Adobe Flash Player is open to remote execution and denial of service attacks. Like Internet Explorer, the developer retired Flash Player. It no longer supports nor receives security updates. Remove this from all computers and websites.
Netgear is a popular wireless router brand. Additionally, the company sells additional internet-connected products. Due to the following vulnerabilities, these are also susceptible.
- CVE-2017-6862: This vulnerability permits remote code execution. Additionally, it permits bypassing any required password authentication. It exists in a variety of Netgear devices.
- CVE-2019-15271: is a buffer overflow problem affecting Cisco RV series routers. It grants “root” privileges to a hacker. This implies that they can essentially do whatever they want with your device and execute whatever programming they want.
Regularly Patch & Update
These might be the top vulnerabilities that hackers are exploiting today, but there are plenty more out there. How do you protect your network from these vulnerabilities and others? You should regularly deploy patches and updates. Work with a reliable IT expert to manage device and software updates. This assures that your network does not include any potential vulnerabilities.
Automate Your Cybersecurity Today
The handling of patches and updates is only one method in which we can automate your cybersecurity. Learn how else we can be of assistance by booking a consultation with us today.
If you’d like to find out more about what’s new in the tech world, make sure to follow our blog!
STG IT Consulting Group proudly provides IT Service in Greater Los Angeles and the surrounding areas for all of your IT needs.