80% of the Top Exploited Vulnerabilities Targeted Microsoft in 2018

shmu26

Eight out of the top ten vulnerabilities exploited by cybercriminals as part of phishing, exploit kits, or remote access trojan (RAT) attacks during 2018 targeted Microsoft's software products, continuing a trend started in 2017.

As detailed in a report by Recorded Future's Kathleen Kuczma, Microsoft continues to be the main target of malicious actors following a similarly "busy" 2017 when the top exploited vulnerabilities changed focus from Adobe's Flash Player.

For the second year in a row, Microsoft was consistently targeted the most, with eight of the top 10 vulnerabilities impacting its products. In 2017, seven of the top 10 vulnerabilities also affected Microsoft. Conversely, the majority of 2016 and 2015’s top vulnerabilities targeted Adobe Flash Player.


lunarlander

"All of them could be avoided on Windows by not using IE, MS Office, and Flash Player." -- wrong. I was just attacked while doing Windows 10 Activation; in that brief 2 minutes, a foreign process displayed a quick progress bar and was installing something, caught by OSArmor. I always thought that the activation process was foolproof, and I was proven wrong. I also have my old and slow Intel dual-core CPU to thank for that; if it had been a fast i7, I would have never seen that.
 

shmu26

> "All of them could be avoided on Windows by not using IE, MS Office, and Flash Player." -- wrong. I was just attacked while doing Windows 10 Activation; in that brief 2 minutes, a foreign process displayed a quick progress bar and was installing something, caught by OSArmor. I always thought that the activation process was foolproof, and I was proven wrong.

Please post the log from OSA so we can see what foreigner crossed your borders.
 

Andy Ful

> "All of them could be avoided on Windows by not using IE, MS Office, and Flash Player." -- wrong. I was just attacked while doing Windows 10 Activation; in that brief 2 minutes, a foreign process displayed a quick progress bar and was installing something, caught by OSArmor. I always thought that the activation process was foolproof, and I was proven wrong. I also have my old and slow Intel dual-core CPU to thank for that; if it had been a fast i7, I would have never seen that.

All "Eight out of the top ten vulnerabilities exploited by cybercriminals" are related to IE, MS Office, or Flash Player. There are many other vulnerabilities which are not related to IE, MS Office, or Flash Player and may be dangerous for users. The fact of blocking something by OSArmor does not mean that it was malicious, and usually it will be a false positive. Anyway, it is possible (in theory) that one of these eight vulnerabilities (or some others) may be exploited in the scenario from your example. If so, then you are a happy OSArmor user.

Edit.
OSArmor is not an AV. It will block anything suspicious according to the applied rules. The user can adjust OSArmor settings and whitelist the false positives, but this will require some knowledge.
 

lunarlander

> All "Eight out of the top ten vulnerabilities exploited by cybercriminals" are related to IE, MS Office, or Flash Player. There are many other vulnerabilities which are not related to IE, MS Office, or Flash Player and may be dangerous for users. The fact of blocking something by OSArmor does not mean that it was malicious, and usually it will be a false positive. Anyway, it is possible (in theory) that one of these eight vulnerabilities (or some others) may be exploited in the scenario from your example. If so, then you are a happy OSArmor user.
>
> Edit.
> OSArmor is not an AV. It will block anything suspicious according to the applied rules. The user can adjust OSArmor settings and whitelist the false positives, but this will require some knowledge.

Hi Andy,

It might be a false positive, but I can't explain away the small progress bar window. Something was installing something.
 

shmu26

> Hi Andy,
>
> It might be a false positive, but I can't explain away the small progress bar window. Something was installing something.

Why can't you just post the log from OSA? I am curious to see what happened. It is unusual for malware to display a progress bar; malware usually tries hard to remain invisible.
 

Andy Ful

> Hi Andy,
>
> It might be a false positive, but I can't explain away the small progress bar window. Something was installing something.

It is possible to attack the computer from the local network or even from the Internet (via router exploits), and some malware can survive a fresh installation of Windows 10. But these are very rare, so it is most probable that Windows 10 (or one of the installed applications) tried to update something. If you have installed OSArmor, then analyzing the log can help, as shmu26 already noticed.
 

Local Host

This ain't bad at all, as long as Microsoft keeps patching holes.

It's stuff like this that makes Windows the safest OS in the world; both OSX and Linux are full of unknown exploits which require almost no effort to use compared to Windows.

If Linux systems were as heavily targeted as Windows is, it would crumble in seconds (not even hours).
 
