Carding
Qualys has published a ranking of the vulnerabilities most commonly used to launch attacks and spread malware or ransomware. 15 of the vulnerabilities in the ranking affect Microsoft products. The resulting ranking:
1. CVE-2017-11882: Memory corruption in Microsoft Office that allows code execution when opening a specially crafted document. The vulnerability was used to compromise systems in 467 malware attacks, 53 attackers and 14 ransomware attacks.
2. CVE-2017-0199: a vulnerability in Microsoft Wordpad that allows code execution when opening a specially crafted file. Involved in 93 malware, 53 malicious attacks and 5 ransomware.
3. CVE-2012-0158: a vulnerability in Windows Common Controls that allows code execution when opening a specially designed web page. Involved in 63 malware, 45 malicious attacks and 2 ransomware.
4. CVE-2017-8570: a vulnerability in Microsoft Office that allows code execution when opening a specially crafted document. Involved in 52 malware and attacks by 11 attackers.
5. CVE-2020-1472: Zerologon vulnerability in the Microsoft Netlogon Remote Protocol implementation, affecting Windows and Samba, and allowing an attacker to gain administrative rights on a domain controller. Involved in 18 malware, 16 malicious attacks, and 11 ransomware.
6. CVE-2017-0144, CVE-2017-0145, CVE-2017-0143: WannaCry vulnerability in Windows that allows code execution by sending a request over the SMBv1 protocol. Involved in 12 malware, 10 malicious attacks, and 12 ransomware.
7. CVE-2012-1723: a vulnerability in the bytecode verifier of Java applets, which allows you to execute your code when opening a page with a specially designed Java applet. Involved in 91 malware, 18 malicious attacks, and 41 ransomware.
8. CVE-2021-34473, CVE-2021-34523, CVE-2021-31207: ProxyShell vulnerability in Microsoft Exchange Server, which allows you to execute your code on the server by sending a specially crafted request to the Microsoft Client Access Service (CAS). Involved in 12 malware, 20 malicious attacks and 12 ransomware.
9. CVE-2019-11510: a vulnerability in VPN Pulse Connect Secure that allows you to read any files from the VPN connection point, including access keys, without authentication. Involved in 13 malware, 18 malicious attacks, and 12 ransomware.
10. CVE-2021-44228: a vulnerability in Apache Log4j that affects 17 Apache projects and allows arbitrary code execution when writing a specially formatted value to the log. Involved in 10 malware, 26 malicious attacks and 5 ransomware.
11. CVE-2014-6271: Shellshock vulnerability in Bash, which allows code execution on the server when processing content contained in environment variables. Involved in 11 malware and attacks by one attacker.
12. CVE-2018-8174: a vulnerability in the Windows VBScript engine that allows code to be executed when opening a specially designed web page in Internet Explorer or a document in Microsoft Office. Involved in 21 malware, 10 malicious attacks and 7 ransomware.
13. CVE-2013-0074: a vulnerability in Microsoft Silverlight that allows you to execute your code in the system when opening a web page with a specially designed Silverlight applet. Involved in 62 malware and 50 ransomware.
14. CVE-2012-0507: a vulnerability in the Java Runtime Environment that allows you to execute your code on the system when opening a web page with a specially designed Java applet. Involved in 66 malware, 3 attackers and 42 ransomware.
15. CVE-2019-19781: Shitrix vulnerability in Citrix ADC (Application Delivery Controller) and Citrix Gateway products, which allows you to remotely execute your code on the server without authentication and gain access to resources on the enterprise local network. Involved in 11 malware, 12 malicious attacks, and 10 ransomware.
16. CVE-2018-0802: a vulnerability in Microsoft Office that allows code execution when opening a specially crafted file. Involved in 29 malware and attacks by 24 attackers.
17. CVE-2021-26855: a vulnerability in Microsoft Exchange Server that allows you to bypass authentication and impersonate another user. Involved in 19 malware, 22 malicious attacks and 9 ransomware.
18. CVE-2019-2725: a vulnerability in Oracle WebLogic that allows you to execute your code on the server by sending a certain request over the network without authentication. Involved in 10 malware, 4 malicious attacks and 9 ransomware.
19. CVE-2018-13379: a vulnerability in the Fortinet FortiGate (FortiOS) platform that allows you to remotely access the VPN web portal without authentication and read any system files by sending specially crafted HTTP requests. Involved in 6 malware, 13 malicious attacks and 6 ransomware.
20. CVE-2021-26084: a vulnerability in Atlassian Confluence Server that allows code to be executed remotely on the server without authentication. Involved in 8 malware, 6 malicious attacks and 8 ransomware.