One of the most popular security vulnerabilities among cyber criminals during the past few months is a software flaw in Microsoft Office that’s over five years old – and it continues to be exploited because, despite a longstanding available security update, many businesses still haven’t applied it.
According to analysis by cybersecurity researchers at Digital Shadows, the most commonly discussed vulnerability among cyber criminals on underground forums over the last three months is CVE-2017-11882 – a security flaw in Microsoft Office first disclosed in 2017.
When exploited successfully, this vulnerability allows cyber criminals to execute remote code on a vulnerable Windows system, providing a way for attackers to drop malware secretly onto the machine.
Malware delivered in attacks exploiting CVE-2017-11882 includes Formbook, which secretly provides attackers with remote access capabilities, keystroke logging, and the ability to take screenshots, putting victims at risk of stolen usernames and passwords.
The vulnerability is also associated with the delivery of Redline, malware that steals usernames, passwords, credit card details and the contents of cryptocurrency wallets, along with the contents of chat logs.
Attacks looking to exploit CVE-2017-11882 often begin with phishing emails designed to lure victims into opening malicious documents, which trigger the bug.
Although a security patch for CVE-2017-11882 has been available for several years, the vulnerability is still prevalent enough to be commonly exploited by cyber criminals.
“These older technologies are still in use by many organizations due to certain dependencies or preferences. The continued use of legacy systems is why these older vulnerabilities live on and remain actively exploited years later,” Nicole Hoffman, senior cyber-threat intelligence analyst at Digital Shadows told ZDNET.
Follina allows attackers to execute remote code and deploy malware to gain access to systems; the vulnerability has been actively exploited by state-backed hacking groups and cyber-criminal gangs. A patch is available to fix this vulnerability.
The third most popular vulnerability is CVE-2022-2294, a zero-day vulnerability in Google Chrome, first disclosed and patched in July. However, many users are yet to apply the security update, so it remains a popular attack method for targeting Google Chrome users.
While regularly applying security updates for all manner of software across an enterprise network can be challenging, this is one of the best things businesses can do to help protect their network and users from falling victim to cyberattacks – particularly if they focus on patching some of the most commonly exploited vulnerabilities.
“Organizations should employ a risk-based approach to their vulnerability and patch management processes. Not all critical vulnerabilities end up being exploited in the wild. Vulnerability Intelligence can help provide valuable context to enable organizations to make informed, risk-based decisions,” said Hoffman.