shmu26

Eight out of the top ten vulnerabilities exploited by cybercriminals as part of phishing, exploit kits, or remote access trojan (RAT) attacks during 2018 targeted Microsoft's software products, continuing a trend started in 2017.

As detailed in a report by Recorded Future's Kathleen Kuczma, Microsoft continues to be the main target of malicious actors following a similarly "busy" 2017 when the top exploited vulnerabilities changed focus from Adobe's Flash Player.

For the second year in a row, Microsoft was consistently targeted the most, with eight of the top 10 vulnerabilities impacting its products. In 2017, seven of the top 10 vulnerabilities also affected Microsoft. Conversely, the majority of 2016 and 2015’s top vulnerabilities targeted Adobe Flash Player.

80% of the Top Exploited Vulnerabilities Targeted Microsoft in 2018
 
"All of them could be avoided on Windows by not using IE, MS Office, and Flash Player." -- wrong. I was just attacked while doing Windows 10 Activation; in that brief 2 minutes, a foreign process displayed a quick progress bar and was installing something, caught by OSArmor. I always thought that the activation process was foolproof, and I was proven wrong. I also have my old and slow Intel dual-core CPU to thank for that; if it had been a fast i7, I would have never seen that.
 

shmu26

> "All of them could be avoided on Windows by not using IE, MS Office, and Flash Player." -- wrong. I was just attacked while doing Windows 10 Activation; in that brief 2 minutes, a foreign process displayed a quick progress bar and was installing something, caught by OSArmor. I always thought that the activation process was foolproof, and I was proven wrong.

Please post the log from OSA so we can see what foreigner crossed your borders.
 

Andy Ful

> "All of them could be avoided on Windows by not using IE, MS Office, and Flash Player." -- wrong. I was just attacked while doing Windows 10 Activation; in that brief 2 minutes, a foreign process displayed a quick progress bar and was installing something, caught by OSArmor. I always thought that the activation process was foolproof, and I was proven wrong. I also have my old and slow Intel dual-core CPU to thank for that; if it had been a fast i7, I would have never seen that.

All "Eight out of the top ten vulnerabilities exploited by cybercriminals" are related to IE, MS Office, or Flash Player. There are many other vulnerabilities which are not related to IE, MS Office, or Flash Player and may be dangerous for users. The fact of blocking something by OSArmor does not mean that it was malicious, and usually it will be a false positive. Anyway, it is possible (in theory) that one of these eight vulnerabilities (or some others) may be exploited in the scenario from your example. If so, then you are a happy OSArmor user. :giggle: (y)

Edit.
OSArmor is not an AV. It will block anything suspicious according to the applied rules. The user can adjust OSArmor settings and whitelist the false positives, but this will require some knowledge.
 
> All "Eight out of the top ten vulnerabilities exploited by cybercriminals" are related to IE, MS Office, or Flash Player. There are many other vulnerabilities which are not related to IE, MS Office, or Flash Player and may be dangerous for users. The fact of blocking something by OSArmor does not mean that it was malicious, and usually it will be a false positive. Anyway, it is possible (in theory) that one of these eight vulnerabilities (or some others) may be exploited in the scenario from your example. If so, then you are a happy OSArmor user. :giggle: (y)
>
> Edit.
> OSArmor is not an AV. It will block anything suspicious according to the applied rules. The user can adjust OSArmor settings and whitelist the false positives, but this will require some knowledge.

Hi Andy,

It might be a false positive, but I can't explain away the small progress bar window. Something was installing something.
 

shmu26

> Hi Andy,
>
> It might be a false positive, but I can't explain away the small progress bar window. Something was installing something.

Why can't you just post the log from OSA? I am curious to see what happened. It is unusual for malware to display a progress bar; malware usually tries hard to remain invisible.
 

Andy Ful

> Hi Andy,
>
> It might be a false positive, but I can't explain away the small progress bar window. Something was installing something.

It is possible to attack the computer from the local network or even from the Internet (via router exploits), and some malware can survive a fresh installation of Windows 10. But these are very rare, so most probably Windows 10 (or one of the installed applications) tried to update something. If you have installed OSArmor, then analyzing the log can help, as shmu26 already noticed.
 

Local Host

This ain't bad at all, as long as Microsoft keeps patching holes.

It is stuff like this that makes Windows the safest OS in the world; both OSX and Linux are full of unknown exploits which require almost no effort to use compared to Windows.

If Linux systems were as heavily targeted as Windows is, they would crumble in seconds (not even hours).
 