U.S. Government Shares Most Exploited Vulnerabilities Since 2016

CISA & FBI Want Organizations to Prioritize Patching

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government have provided a technical guidance to all public and private sector organizations to place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors.

The alert addresses a number of separate vulnerabilities over the past eight years that foreign attackers appear to have been exploiting. It’s also interesting since it’s not just an advisory from CISA, but also directly from the FBI as well as the U.S. government.

“Foreign cyber actors continue to exploit publicly known – and often dated – software vulnerabilities against broad target sets, including public and private sector organizations,” the alert elaborated. “Exploitation of these vulnerabilities often requires fewer resources as compared with zero-day exploits for which no patches are available.”

The alert continued with stating that all organizations could greatly alleviate such foreign threats to “U.S. interests through an increased effort to patch their systems and implement programs to keep system patching up to date. A concerted campaign to patch these vulnerabilities would introduce friction into foreign adversaries’ operational tradecraft and force them to develop or acquire exploits that are more costly and less widely effective.”

In addition to the alert specifying a number of exploits among various operating systems and products, CISA, the FBI, and the U.S. Government recommend that all organizations transition away from any end-of-life software since these clearly receive no additional support or mitigation.

Most Exploited Vulnerabilities

The top most exploited vulnerabilities provided by CISA are (in chronological order):

• CVE-2012-0158
• CVE-2015-1641
• CVE-2017-0143
• CVE-2017-0199
• CVE-2017-5638
• CVE-2017-8759
• CVE-2017-11882
• CVE-2018-4878
• CVE-2018-7600
• CVE-2019-0604

“Of the top 10, the three vulnerabilities used most frequently across state-sponsored cyber actors from China, Iran, North Korea, and Russia are CVE-2017-11882, CVE-2017-0199, and CVE-2012-0158. All three of these vulnerabilities are related to Microsoft’s OLE technology.”

The alert went on to point out that the “flaws malicious cyber actors exploited the most consistently were in Microsoft and Adobe Flash products, probably because of the widespread use of these technologies.”

It’s no surprise to any industry that keeping all systems patched and up-to-date will mitigate any potential attack vectors; however, recent attacks made public in the last few years proves otherwise. In 2017, WannaCry and NotPetya attacks ran rampant causing billions of dollars lost across 200,000 devices among 150 countries.

Just last year, multinational organizations and U.S. city and county governments spent nearly $200 million responding to various ransomware events, all because of easily-exploitable vulnerabilities left unpatched. With a majority of organizations sending their workers home due to COVID-19, corporate endpoints are even more at risk since so many of these businesses lack a proper work-from-home plan. This includes on-premise systems that may or may not be receiving the same level of care since IT departments themselves are no longer on-site.

How Syxsense Can Help

Syxsense is a fully cloud-based solution that helps organizations better secure their endpoints through software patching, deployment, remote assistance, and vulnerability scanning. By default, Syxsense provides auto-approval strategies to ensure the right updates are approved while leaving the optional and problematic updates to the side.

With security scanning and patch management in a single console, our vulnerability scanning feature not only shows you what’s wrong, but also deploys the solution. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patching and security scans.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.