These old security vulnerabilities are creating new opportunities for hackers

Old security vulnerabilities in corporate networks are leaving organisations at risk from ransomware and other cyber attacks as hackers look to actively exploit unpatched systems and legacy software. 

Analysis by cybersecurity researchers at F-Secure suggests that 61% of security vulnerabilities which exist in corporate networks are from 2016 or even older, despite patches being available for five years or more. Some of the vulnerabilities which continue to be exploited to breach networks are more than a decade old.

One of the most common unpatched vulnerabilities plaguing businesses is CVE-2017-11882, an old memory corruption issue in Microsoft Office, including Office 365, which was uncovered and patched in 2017 but had existed since 2000. According to F-Secure, it's one of the most actively exploited vulnerabilities on Windows.

The vulnerability requires little interaction from the user, making it useful for cyber criminals running phishing campaigns. Researchers note that since it was detailed in 2017, the vulnerability has regularly been used by hacking groups, including Cobalt Group.

Other common vulnerabilities detailed in the research paper include CVE-2012-1723, a vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7, which was detailed in 2012, and CVE-2013-1493.

Security patches are available to protect against these

Read More: https://www.zdnet.com/article/these-old-security-vulnerabilities-are-creating-new-opportunities-for-hackers/#ftag=RSSbaffb68