The Biggest Vulnerabilities that Hackers are Feasting on Right Now

NB Technology, LLC.

Jan 02, 2024

a hacker's computer in the dark

Software vulnerabilities are an unfortunate part of working with technology. A developer puts out a software release with millions of lines of code. Then, hackers look for loopholes that allow them to breach a system through that code.

The developer issues a patch to fix the vulnerability. But it’s not long before a new feature update causes more. It’s like a game of “whack-a-mole” to keep your systems secure.


Keeping up with new vulnerabilities is one of the top priorities of IT management firms.


It’s important to know which software and operating systems are being attacked. 


Without ongoing patch and update management, company networks are vulnerable. And these attacks are completely avoidable. 82% of U.S. cyberattacks in Q1 of 2022 were due to exploiting patchable vulnerabilities. This is a global problem.


What new vulnerabilities are lurking in products from Microsoft, Google, Adobe, and others? We’ll go through several. These were recently noted in a warning by the Cybersecurity and Infrastructure Security Agency (CISA).


Make Sure to Patch Any of These Vulnerabilities in Your Systems

a padlock ontop of keyboard pieces that were destroyed


Microsoft Vulnerabilities

Microsoft vulnerabilities include those in three of its products. Internet Explorer (IE) is one of them. Microsoft discontinued IE in June of 2022. You should remove this from any computers that still have it installed.


You’ll see the acronym “CVE” used in the vulnerability names. This is an industry-standard naming structure. It stands for Common Vulnerabilities and Exposures.


Here is a rundown of these vulnerabilities and what a hacker can do:

  • CVE-2012-4969: This Internet Explorer vulnerability allows the remote execution of code. This is a “critical” vulnerability because of the damage it enables. Hackers can release this via a website. Thus, formerly safe sites can become phishing sites when hackers exploit this loophole.
  • CVE-2013-1331: This is a flaw in the code for Microsoft Office 2003 and Office 2011 for Mac. It enables hackers to launch remote attacks. It exploits a vulnerability in Microsoft’s buffer overflow function. This allows hackers to execute dangerous code remotely.
  • CVE-2012-0151: This issue impacts the Authenticode Signature Verification function of Windows. It allows user-assisted attackers to execute remote code on a system. “User-assisted” means that they need the user to assist in the attack. Such as by opening a malicious file attachment in a phishing email. 


Google Vulnerabilities

Google Chrome and applications built using Google’s Chromium V8 Engine are also on the list. These applications are targets of the following vulnerabilities.


CVE-2016-1646 & CVE-2016-518: These both allow attackers to conduct denial of service attacks. They do this against websites through remote control. This means they can flood a site with so much traffic that it crashes.


Those aren’t the only two code flaws that allow hackers to crash sites this way. Two others, CVE-2018-17463 and CVE-2017-5070 both do the same thing. And like all these others, have patches already issued that users can install to fix these holes.


Adobe Vulnerabilities

People use Adobe Acrobat Reader widely to share documents. It makes it easy to share them across different platforms and operating systems. But it’s also a tool that’s on this list of popular vulnerabilities. 


  • CVE-2009-4324: This is a flaw in Acrobat Reader that allows hackers to execute remote code via a PDF file. This is why you can’t trust that a PDF attachment is going to be safer than other file types. Remember this when receiving unfamiliar emails.


  • CVE-2010-1297: This memory corruption vulnerability. It allows remote execution and denial of service attacks through Adobe Flash Player. Like IE, the developer retired Flash Player. It no longer receives support or security updates. You should uninstall this from all PCs and websites.


Netgear Vulnerability

Netgear is a popular brand of wireless router. The company also sells other internet-connected devices. These are also vulnerable, due to the following flaws. 


  • CVE-2017-6862: This flaw allows a hacker to execute code remotely. It also enables bypassing any needed password authentication. It's present in many different Netgear products.


Cisco Vulnerability

  • CVE-2019-15271: This is a vulnerability in the buffer overflow process of Cisco RV series routers. It gives a hacker “root” privileges. This means they can basically do anything with your device and execute any code they like.


Patch & Update Regularly!

These are a few of the security vulnerabilities listed on the CISA list. You can see all 36 that were added here.


How do you keep your network safe from these and other vulnerabilities?  You should patch and update regularly. Work with a trusted IT professional to manage your device and software updates. This ensures you don’t have a breach waiting to happen lurking in your network.


Automate Your Cybersecurity Today

Patch and update management is just one way that we can automate your cybersecurity.


Contact us at (704) 644-1220 for a no obligation consultation to discuss your cybersecurity needs and any inquiries you may have for your Belmont, Gastonia or North Carolina business.

Article used with permission from The Technology Press.

Image of a checklist

Simple Setup Checklist for Microsoft Teams

By Blogger Admin 07 May, 2024
This MS Teams setup checklist can help you get started using this 365 productivity and collaboration app.
Switching to a VoIP phone system

The 8 Advantages of Switching to a VoIP Phone System

By Blogger Admin 30 Apr, 2024
These are 8 business advantages of switching from a traditional to a VoIP phone system.
Image of a bring your own device (BYOD) policy in action

12 Tips for Overcoming Barriers to a Smooth BYOD Program

By Blogger Admin 23 Apr, 2024
Find out the top 12 tips to help your business overcome barriers to a successful bring-your-own-device (BYOD) program.
Cybersecurity being implemented for a small business

6 Hidden Benefits of Cybersecurity for Small Businesses

By Blogger Admin 16 Apr, 2024
There are many benefits of having cybersecurity defenses for your business - here are hidden benefits you may not have considered.
Image of a mobile device with various app icons

Making Your Mobile Devices Safe From Cyberattacks: 9 Best Practices

09 Apr, 2024
Learn how to make your mobile devices safe from cyberattacks with these 9 best practices.
Image of a padlock with chains, indicating strong security

Simple Guide to Follow for Better Endpoint Protection

26 Mar, 2024
Protect your business from cyber threats like malware and learn about the steps to follow for better endpoint protection.
Cybersecurity being implemented

Why Cybersecurity is Essential for Business Growth

By Blogger Admin 19 Mar, 2024
Find out why cybersecurity is essential for business growth and how to find a cybersecurity expert.
Image of a Keep Out sign on a fence

Insider Threats are Getting More Dangerous! Here's How to Stop Them

12 Mar, 2024
Learn about the different types of insider threats and how you can stop them.
VoIP phone system

Upgrade Your Phone System and Improve Your Customer Service

By Blogger Admin 05 Mar, 2024
Did you know that you can improve your customer service by upgrading to a VoIP phone system? Find out how to start impressing your customers and boosting efficiency.
Image of people conducting a cybersecurity audit in an office

3 Tips for Running Cybersecurity Audits

27 Feb, 2024
Find out what a cybersecurity audit entails and 3 tips for running one successfully.
Show More
Share by: