It probably won't surprise you that 7 of the 8 most exploited software vulnerabilities are to be found in Microsoft products.
Their widespread use across organizations and institutions makes them an ideal candidate for cybercriminals. According to U.S. Government technical analysis, malicious cyber actors most often exploit vulnerabilities in Microsoft's Object Linking and Embedding (OLE) technology. OLE allows documents to contain embedded content from other applications such as spreadsheets. But also Adobe Flash Player makes it to the list.
A recent report on the most exploited vulnerabilities by the Cybersecurity & Infrastructure Security Agency (CISA) and the FBI listed the most routinely exploited vulnerabilities in the wild. The interesting thing is that most of these vulnerabilities are pretty old, yet cyber criminals have no problem to continue exploiting these publicly known software vulnerabilities to gain access to your network. The cited reason for this is that the exploitation of these known vulnerabilities often requires fewer resources as compared with new zero-day exploits.
The silver lining in this is that all of them have patches available and could be easily fixed by identifying which machines on your network are still running outdated software. This can require a significant investment of resources, particularly when mitigating multiple flaws at the same time.
So if you need find out that you have these Vulnerabilities contact us and tell us that you read this blog and get 1 hour Free IT Aduit.