Despite thousands of new vulnerabilities being reported each year, only a few of them result in significant security breaches and ransomware attacks, according to security experts like Jeremiah Grossman (formerly of WhiteHat Security). Researchers at Mandiant identified 55 zero-day vulnerabilities that were used in harmful campaigns last year. Because many vulnerabilities remain unpatched for extended periods, they remain relevant and could cause a significant security event, regardless of when they were discovered.
Here are some of these vulnerabilities:
- Security researchers are warning that a recently discovered zero-day vulnerability in Microsoft Outlook, known as CVE-2023-23397, could become the most significant bug of 2023, as it has already been exploited actively. Multiple proof-of-concept exploits have emerged since its disclosure, and it does not require user interaction for exploitation. Action1 recently added a new solution to remediate CVE-2023-23397 in Outlook.
- Another heavily exploited flaw was CVE-2022-30190, a vulnerability in the Microsoft Windows Support Diagnostic Tool that allowed remote code execution via malicious Office documents, even when macros were disabled. Multiple threat actors utilized it in various campaigns throughout the year, and it was referred to as “Follina.”
- Two zero-day vulnerabilities, CVE-2022-42475 and CVE-2022-41328, in Fortinet’s FortiOS, were leveraged in attacks targeting network devices. CVE-2022-42475, a buffer-overflow flaw, was used to exploit Fortinet’s FortiGate firewalls, and CVE-2022-41328, a path traversal vulnerability, was used by a Chinese group called UNC3886 to execute potential cyber-espionage campaigns.
- CVE-2022-0609, a Google Chrome vulnerability, was utilized by a North Korean hacker group in a campaign targeting high-tech, media, and financial sectors.
- CVE-2022-41128, an RCE in Windows Server, was exploited by another North Korean hacker group in a phishing campaign.
- CVE-2022-41091, also known as the Windows Mark of the Web (MotW) flaw, was used in at least one ransomware campaign.
- Finally, CVE-2022-29499 was an RCE flaw in a Mitel VoIP appliance used to deploy Lorenz ransomware.
About Action1
Action1 provides a risk-based patch management solution for distributed work-from-anywhere organizations. Action1 helps to discover, prioritize, and remediate vulnerabilities in a single solution to prevent security breaches and ransomware attacks. It automates patching of third-party applications, patching of operating systems, drivers, and firmware, ensuring continuous patch compliance and remediation of security vulnerabilities before they are exploited.