It looks like that for the 3rd year in a row the bad guys used vulnerabilities found in Microsoft products more than any other products to compromise systems.
You may ask, which ones are the other two? Well, the other two are from the same product: Adobe Flash Player.
The most abused vulnerability in Microsoft the past year was the CVE-2018-8174 which impacted Internet Explorer.
One of the most interesting findings was that from those 10 vulnerabilities, 6 of them were on the top 10 in the previous year. This is a very interesting finding, but what does this really mean?
Well, it means that a vulnerability was discovered back in 2018 and a patch was released, but users were still being attacked in 2019. At first, it may seem like the patch was ineffective, but the true answer is actually simpler than that: It is simple, users do not update/patch their computer.
You may say, “Well, I have an antivirus which should stop all the bad guys.” It may or may not, but if Microsoft, or any software provider, releases a patch it is because there is a vulnerability in their systems.
The Australian Cyber Security Center released years ago what is called “Essential Eight:“, which we will likely discuss in a future post. However, for the purpose of patching, they suggest patching any application with ‘extreme risk’ vulnerabilities within 48 hours. How frequently do you patch your systems?
And you are probably aware that Windows 7 extended support has finished the last 14th January 2020. If you are still using it, you may be at risk. The longer you keep using it, the more vulnerable your computer will be. Why? because Microsoft has already stopped releasing updates and patches for any vulnerability. Then what do you do if you have a Windows 7? Simply update it to Windows 10 which is the latest version.
And before I forget, and in order for you to start planning your migration, if you have any computer with Windows 8, the end of extended support for this version is 10 January 2023…. don’t tell me that I did not advise you with time.
As you can see patching is an important component in keeping your systems secure.
And as always, be safe out there and until the next Malware Monday.