In the world of technology, software vulnerabilities are an unfortunate reality. Developers release software with millions of lines of code. In order to breach a system, hackers look for loopholes in the code.
A patch is issued by the developer to fix the vulnerability. In no time at all, a new feature update will cause more problems. To keep your systems secure, it’s like playing “whack-a-mole.”
One of the top priorities of IT management firms is keeping up with new vulnerabilities. Knowing which software and operating systems are being attacked is crucial.
Company networks are vulnerable without ongoing patch and update management. These attacks are completely preventable. In Q1 of 2022, 82% of U.S. cyberattacks exploited patchable vulnerabilities. It is a global issue.
What vulnerabilities do Microsoft, Google, Adobe, and others have? Here are a few we’ll look at. In a recent warning, the Cybersecurity and Infrastructure Security Agency (CISA) noted these vulnerabilities.
Make Sure to Patch Any of These Vulnerabilities in Your Systems
Three of Microsoft’s products have vulnerabilities. One of them is Internet Explorer (IE). In June of 2022, Microsoft discontinued Internet Explorer. If you still have this installed on your computer, you should remove it.
In the vulnerability names, you’ll see the acronym “CVE”. It’s a standard naming structure used in the industry. The acronym stands for Common Vulnerabilities and Exposures.
Here is a rundown of these vulnerabilities and what a hacker can do:
CVE-2012-4969: Remote execution of code is possible due to this Internet Explorer vulnerability. Due to the damage it can cause, this is considered a “critical” vulnerability. Hackers can release this through a website. Consequently, hackers can exploit this loophole to create phishing sites on previously safe websites.
CVE-2013-1331: This flaw affects Microsoft Office 2003 and Office 2011 for Mac. Remote attacks can be launched through it. This exploits a vulnerability in Microsoft’s buffer overflow function. Hackers can use this to execute dangerous code remotely.
CVE-2012-0151 affects the Windows Authenticode Signature Verification function. Remote code can be executed on a system by user-assisted attackers. The term “user-assisted” refers to an attack that requires the user’s assistance. By opening a malicious attachment in a phishing email, for example.
Also on the list are Google Chrome and applications built using Google’s Chromium V8 Engine. The following vulnerabilities affect these applications.
CVE-2016-1646 & CVE-2016-518: Both allow attackers to conduct denial of service attacks. Remote control is used to do this against websites. In other words, they can flood a site with so much traffic that it crashes.
The two code flaws mentioned above aren’t the only ones hackers can use to crash websites in this manner. The same thing is done by CVE-2018-17463 and CVE-2017-5070. All of these holes have patches already issued that users can install to fix them.
Adobe Acrobat Reader is widely used for sharing documents. Sharing them across platforms and operating systems is easy. It’s also a tool on this list of popular vulnerabilities.
CVE-2009-4324: This is a vulnerability in Acrobat Reader that allows hackers to execute remote code via PDF files. Therefore, PDF attachments cannot be trusted to be safer than other file types. When receiving unfamiliar emails, keep this in mind.
CVE-2010-1297: Memory corruption vulnerability. Through Adobe Flash Player, remote execution and denial of service attacks are possible. In the same way that IE was retired, Flash Player was also retired. Support and security updates are no longer provided. This should be uninstalled from all computers and websites.
A popular brand of wireless router is Netgear. In addition to internet-connected devices, the company sells other products as well. The following flaws also make them vulnerable.
CVE-2017-6862: This vulnerability allows a hacker to execute code remotely. Password authentication can also be bypassed. It’s found in a wide range of Netgear products.
CVE-2019-15271: Cisco RV series routers are vulnerable to buffer overflows. Hackers are given “root” privileges. They can basically do anything with your device and execute any code they want.
Patch & Update Regularly!
These are only a few of the security vulnerabilities on the CISA list. All 36 of the new additions can be found here.
What steps do you take to keep your network safe from these and other vulnerabilities? Patching and updating should be done regularly. Manage your device and software updates with the help of a trusted IT professional. Your network won’t be vulnerable to a breach if this is done.
Automate Your Cybersecurity Today
Patch and update management is one way we can automate your cybersecurity. Contact us today to learn how else we can help.