Once each loophole is discovered, developers issue patches to “fix” it. However, feature updates invariably cause more vulnerabilities, making software development and release one more front on the age old arms war.
IT management firms make the vast majority of their money on keeping up with new vulnerabilities. Knowing which software and operating systems are under attack at any given time is the majority of those firms’ work.
Company networks remain vulnerable without ongoing patch and update management overseen by an educated human with judgment. Most of the successful attacks are completely avoidable. 82% of U.S. cyberattacks in Q1 of 2022 can be chalked up to patchable vulnerabilities that went unpatched. More than the U.S., though, this is a global problem.
Microsoft, Google, Adobe, Apple, and so many more release products on an ongoing basis. What new vulnerabilities lurk in such cutting edge software? We collected several that were collated in a warning by the Cybersecurity and Infrastructure Security Agency (CISA).
Patch These Vulnerabilities in Your Systems ASAP
Microsoft Vulnerabilities
Three Microsoft products contain known vulnerabilities. The worst Microsoft product right now is Internet Explorer (IE). Microsoft discontinued IE in June of 2022, and hasn’t offered a single patch or update since then. Due to the lack of support, IE offers a wide open gate to anyone wanting to use it for criminal reasons. Remove it from all computers that might still have it installed to slam that gate shut.
The acronym “CVE” is frequently used in the vulnerability names. This acronym is an industry-standard naming structure which stands for Common Vulnerabilities and Exposures.
What a hacker can do with these programs:
- CVE-2012-4969: This Internet Explorer vulnerability allows the remote execution of code, meaning a criminal can force run any program they want to run from a distance. This is a “critical” vulnerability because of the damage it enables. Hackers can release their malicious code via a website. Formerly safe sites become phishing sites when hackers exploit this loophole.
- CVE-2013-1331: This particular designated flaw in the code for Microsoft Office 2003 and Office 2011 for Mac enables hackers to launch remote attacks. It exploits a vulnerability in Microsoft’s buffer overflow function, allowing hackers to execute dangerous code remotely.
- CVE-2012-0151: This flaw impacts the Authenticode Signature Verification function of Windows. User-assisted attackers can execute remote code on a system with it. “User-assisted” means that they need the user to assist in the attack, such as by opening a malicious file attachment in a phishing email. The user doesn’t have to know they’re helping
Google Vulnerabilities
Google Chrome and applications built with Google’s Chromium V8 Engine are also on the list of vulnerable programs.
- CVE-2016-1646 & CVE-2016-518: These two allow attackers to conduct denial of service attacks against websites through remote control. To translate out of geek, they can flood a site with so much “traffic” that it crashes.
- Those two code flaws aren’t the only ones that allow hackers to crash sites this way. Two others, CVE-2018-17463 and CVE-2017-5070, do the same thing. And like all these others, each of these already issued patches that users can install to disable those hackers.
Adobe Vulnerabilities
People use Adobe Acrobat Reader widely to share documents, believing that doing so is safe. Adobe has made it easy to share across different platforms and operating systems. Unfortunately, its popularity made it a target. It’s also a tool on this list of popular vulnerabilities.
- CVE-2009-4324: A flaw in Acrobat Reader allowing hackers to execute remote code (run a program) via a PDF file. You can’t trust that a PDF attachment is going to be safer than other file types anymore. Remember this when receiving unfamiliar emails.
- CVE-2010-1297: This memory corruption vulnerability allows remote execution and denial of service attacks through Adobe Flash Player. Just like IE, Adobe retired Flash Player. It no longer receives support or security updates, or indeed updates of any kind. Uninstall this from all PCs and websites as soon as you can.
Netgear Vulnerability
Netgear is a popular brand of wireless router. The company also sells other internet-connected devices. These are also vulnerable, due to the following flaws.
- CVE-2017-6862: This flaw allows a hacker to run any program they want remotely. As if that wasn’t bad enough, the flaw also lets criminals bypass any needed password authentication. It’s present in many different Netgear products.
Cisco Vulnerability
Cisco, like Netgear, offers Internet connection hardware.
- CVE-2019-15271: A vulnerability in the buffer overflow process of Cisco RV series routers, this flaw gives a hacker “root” privileges. Having root access means those criminals can do anything with your device and execute any code they like on your system.
Patch & Update Regularly!
These are just a few of the most dangerous security vulnerabilities listed on the CISA list. You can see all 36 added here.
How do you keep your network as safe as possible? Patch and update regularly. Work with a trusted IT professional to manage your device, software, and network updates. Be proactive to ensure you don’t have a potential breach lurking in your network.
Why Is This Published By A Business Phone Company?
Here at NoContractVoIP, we believe that your success is our success. And, since we specialize in business communication, we also want to help you communicate better. To get the latest helpful content delivered to your inbox every month, subscribe to our newsletter here.
Looking for the finest stress-free custom business telephone systems? Contact us or call today at 866-550-0005!