www.lansweeper.com
Open in
urlscan Pro
141.193.213.10
Public Scan
Submitted URL: https://content.lansweeper.com/e/651653/ost-exploited-vulnerabilities-/dbzwr/285358366?h=CVGzJWHp4sskE5ObvLF4UDZH4Xylc76B38HyCr...
Effective URL: https://www.lansweeper.com/vulnerability/the-top-8-most-exploited-vulnerabilities/
Submission Tags: falconsandbox
Submission: On August 15 via api from US — Scanned from DE
Effective URL: https://www.lansweeper.com/vulnerability/the-top-8-most-exploited-vulnerabilities/
Submission Tags: falconsandbox
Submission: On August 15 via api from US — Scanned from DE
Form analysis 2 forms found in the DOM
POST /vulnerability/the-top-8-most-exploited-vulnerabilities/
<form method="post" enctype="multipart/form-data" id="gform_22" action="/vulnerability/the-top-8-most-exploited-vulnerabilities/">
<div class="gform_body gform-body">
<ul id="gform_fields_22" class="gform_fields top_label form_sublabel_below description_below">
<li id="field_22_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" data-js-reload="field_22_1"><label class="gfield_label" for="input_22_1">Email<span class="gfield_required"><span
class="gfield_required gfield_required_asterisk">*</span></span></label>
<div class="ginput_container ginput_container_email"> <input name="input_1" id="input_22_1" type="text" value="" class="medium" placeholder="Email" aria-required="true" aria-invalid="false"></div>
</li>
<li id="field_22_2" class="gfield field_sublabel_below field_description_below hidden_label gfield_visibility_hidden" data-js-reload="field_22_2">
<div class="admin-hidden-markup"><i class="gform-icon gform-icon--hidden"></i><span>Hidden</span></div><label class="gfield_label" for="input_22_2">EmailType</label>
<div class="ginput_container ginput_container_text"><input name="input_2" id="input_22_2" type="text" value="" class="medium" aria-invalid="false"></div>
</li>
<li id="field_22_3" class="gfield gform_validation_container field_sublabel_below field_description_below gfield_visibility_visible" data-js-reload="field_22_3"><label class="gfield_label" for="input_22_3">Name</label>
<div class="ginput_container"><input name="input_3" id="input_22_3" type="text" value=""></div>
<div class="gfield_description" id="gfield_description_22_3">This field is for validation purposes and should be left unchanged.</div>
</li>
</ul>
</div>
<div class="gform_footer top_label"> <input type="submit" id="gform_submit_button_22" class="gform_button button" value="Count Me In" onclick="if(window["gf_submitting_22"]){return false;} window["gf_submitting_22"]=true; "
onkeypress="if( event.keyCode == 13 ){ if(window["gf_submitting_22"]){return false;} window["gf_submitting_22"]=true; jQuery("#gform_22").trigger("submit",[true]); }"> <input type="hidden"
class="gform_hidden" name="is_submit_22" value="1"> <input type="hidden" class="gform_hidden" name="gform_submit" value="22"> <input type="hidden" class="gform_hidden" name="gform_unique_id" value=""> <input type="hidden" class="gform_hidden"
name="state_22" value="WyJbXSIsIjViNDFiYzk1MzBjZDQ1OGJhMjg5ZWVkNjMyZGVjOGQ2Il0="> <input type="hidden" class="gform_hidden" name="gform_target_page_number_22" id="gform_target_page_number_22" value="0"> <input type="hidden" class="gform_hidden"
name="gform_source_page_number_22" id="gform_source_page_number_22" value="1"> <input type="hidden" name="gform_field_values" value=""></div>
</form>POST /vulnerability/the-top-8-most-exploited-vulnerabilities/
<form method="post" enctype="multipart/form-data" id="gform_17" action="/vulnerability/the-top-8-most-exploited-vulnerabilities/">
<div class="gform_body gform-body">
<ul id="gform_fields_17" class="gform_fields top_label form_sublabel_below description_below">
<li id="field_17_1" class="gfield field_sublabel_below field_description_below gfield_visibility_visible" data-js-reload="field_17_1"><label class="gfield_label" for="input_17_1">Email</label>
<div class="ginput_container ginput_container_email"> <input name="input_1" id="input_17_1" type="text" value="" class="medium" placeholder="Email" aria-invalid="false"></div>
</li>
<li id="field_17_2" class="gfield field_sublabel_below field_description_below hidden_label gfield_visibility_hidden" data-js-reload="field_17_2">
<div class="admin-hidden-markup"><i class="gform-icon gform-icon--hidden"></i><span>Hidden</span></div><label class="gfield_label" for="input_17_2">EmailType</label>
<div class="ginput_container ginput_container_text"><input name="input_2" id="input_17_2" type="text" value="" class="medium" aria-invalid="false"></div>
</li>
<li id="field_17_3" class="gfield gform_validation_container field_sublabel_below field_description_below gfield_visibility_visible" data-js-reload="field_17_3"><label class="gfield_label" for="input_17_3">Name</label>
<div class="ginput_container"><input name="input_3" id="input_17_3" type="text" value=""></div>
<div class="gfield_description" id="gfield_description_17_3">This field is for validation purposes and should be left unchanged.</div>
</li>
</ul>
</div>
<div class="gform_footer top_label"> <input type="submit" id="gform_submit_button_17" class="gform_button button" value="Count Me In" onclick="if(window["gf_submitting_17"]){return false;} window["gf_submitting_17"]=true; "
onkeypress="if( event.keyCode == 13 ){ if(window["gf_submitting_17"]){return false;} window["gf_submitting_17"]=true; jQuery("#gform_17").trigger("submit",[true]); }"> <input type="hidden"
class="gform_hidden" name="is_submit_17" value="1"> <input type="hidden" class="gform_hidden" name="gform_submit" value="17"> <input type="hidden" class="gform_hidden" name="gform_unique_id" value=""> <input type="hidden" class="gform_hidden"
name="state_17" value="WyJbXSIsIjViNDFiYzk1MzBjZDQ1OGJhMjg5ZWVkNjMyZGVjOGQ2Il0="> <input type="hidden" class="gform_hidden" name="gform_target_page_number_17" id="gform_target_page_number_17" value="0"> <input type="hidden" class="gform_hidden"
name="gform_source_page_number_17" id="gform_source_page_number_17" value="1"> <input type="hidden" name="gform_field_values" value=""></div>
</form>Text Content
Powered by Cookiebot * Consent * Details * [#IABV2SETTINGS#] * About LANSWEEPER COOKIE POLICY We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. Consent Selection Necessary Preferences Statistics Marketing Settings Necessary 11 Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. 27jts3o00yy49vo2y30wem91-wpengine.netdna-ssl.com 1 elementorUsed in context with the website's WordPress theme. The cookie allows the website owner to implement or change the website's content in real-time. Expiry: PersistentType: HTML Cookiebot 1 Learn more about this provider CookieConsentStores the user's cookie consent state for the current domain Expiry: 1 yearType: HTTP Google 2 Learn more about this provider rc::aThis cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. Expiry: PersistentType: HTML rc::cUsed in context with video-advertisement. The cookie limits the number of times a visitor is shown the same advertisement-content. The cookie is also used to ensure relevance of the video-advertisement to the specific visitor. Expiry: SessionType: HTML LinkedIn 1 Learn more about this provider li_gcStores the user's cookie consent state for the current domain Expiry: 179 daysType: HTTP play.google.com youtube.com 2 CONSENT [x2]Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website. Expiry: 2 yearsType: HTTP vimeo.com ws.zoominfo.com 2 __cf_bm [x2]This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. Expiry: 1 dayType: HTTP ws.zoominfo.com 1 visitorIdPreserves users states across page requests. Expiry: 1 yearType: HTTP www.lansweeper.com 1 cf_use_obUsed to detect if the website is inaccessible, in case of maintenance of content updates - The cookie allows the website to present the visitor with a notice on the issue in question. Expiry: 1 dayType: HTTP Preferences 7 Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. LinkedIn 2 Learn more about this provider lang [x2]Remembers the user's selected language version of a website Expiry: SessionType: HTTP Site Search 360 2 Learn more about this provider ssi--lastInteractionNecessary in order to optimize the website's search-bar function. The cookie ensures accurate and fast search results. Expiry: 1 dayType: HTTP ssi--sessionIdSaves information of actions that have been carried out by the user during the current visit to the website, including searches with keywords included. Expiry: 1 yearType: HTTP Spotify 1 Learn more about this provider loglevelMaintains settings and outputs when using the Developer Tools Console on current session. Expiry: PersistentType: HTML YouTube 2 Learn more about this provider yt-remote-connected-devicesStores the user's video player preferences using embedded YouTube video Expiry: PersistentType: HTML yt-remote-device-idStores the user's video player preferences using embedded YouTube video Expiry: PersistentType: HTML Statistics 26 Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously. Google 3 Learn more about this provider _gaRegisters a unique ID that is used to generate statistical data on how the visitor uses the website. Expiry: 2 yearsType: HTTP _gatUsed by Google Analytics to throttle request rate Expiry: 1 dayType: HTTP _gidRegisters a unique ID that is used to generate statistical data on how the visitor uses the website. Expiry: 1 dayType: HTTP LinkedIn 1 Learn more about this provider AnalyticsSyncHistoryUsed in connection with data-synchronization with third-party analysis service. Expiry: 29 daysType: HTTP Microsoft 5 Learn more about this provider c.gifCollects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner. Expiry: SessionType: Pixel CLIDCollects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner. Expiry: 1 yearType: HTTP _clckCollects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner. Expiry: 1 yearType: HTTP _clskRegisters statistical data on users' behaviour on the website. Used for internal analytics by the website operator. Expiry: 1 dayType: HTTP _cltkRegisters statistical data on users' behaviour on the website. Used for internal analytics by the website operator. Expiry: SessionType: HTML Neustar 1 Learn more about this provider abThis cookie is used by the website’s operator in context with multi-variate testing. This is a tool used to combine or change content on the website. This allows the website to find the best variation/edition of the site. Expiry: 1 yearType: HTTP Vimeo 1 Learn more about this provider vuidCollects data on the user's visits to the website, such as which pages have been read. Expiry: 2 yearsType: HTTP YouTube 4 Learn more about this provider yt-remote-cast-installedStores the user's video player preferences using embedded YouTube video Expiry: SessionType: HTML yt-remote-fast-check-periodStores the user's video player preferences using embedded YouTube video Expiry: SessionType: HTML yt-remote-session-appStores the user's video player preferences using embedded YouTube video Expiry: SessionType: HTML yt-remote-session-nameStores the user's video player preferences using embedded YouTube video Expiry: SessionType: HTML ws.zoominfo.com 1 ziwsSessionIdCollects statistics on the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been read. Expiry: SessionType: HTML www.google-analytics.com px.ads.linkedin.com 2 collect [x2]Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels. Expiry: SessionType: Pixel www.lansweeper.com 8 __hsscIdentifies if the cookie data needs to be updated in the visitor's browser. Expiry: 1 dayType: HTTP __hssrcUsed to recognise the visitor's browser upon reentry on the website. Expiry: SessionType: HTTP __hstcSets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes. Expiry: 179 daysType: HTTP _hjAbsoluteSessionInProgressThis cookie is used to count how many times a website has been visited by different visitors - this is done by assigning the visitor an ID, so the visitor does not get registered twice. Expiry: 1 dayType: HTTP _hjFirstSeenThis cookie is used to determine if the visitor has visited the website before, or if it is a new visitor on the website. Expiry: 1 dayType: HTTP _hjSession_#Collects statistics on the visitor's visits to the website, such as the number of visits, average time spent on the website and what pages have been read. Expiry: 1 dayType: HTTP _hjSessionUser_#Collects statistics on the visitor's visits to the website, such as the number of visits, average time spent on the website and what pages have been read. Expiry: 1 yearType: HTTP hubspotutkSets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes. Expiry: 179 daysType: HTTP Marketing 47 Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers. 27jts3o00yy49vo2y30wem91-wpengine.netdna-ssl.com 2 _gcl_auUsed by Google AdSense for experimenting with advertisement efficiency across websites using their services. Expiry: 3 monthsType: HTTP _gcl_awUsed to measure the efficiency of the website’s advertisement efforts, by collecting data on the conversion rate of the website’s ads across multiple websites. Expiry: 3 monthsType: HTTP 27jts3o00yy49vo2y30wem91-wpengine.netdna-ssl.com pi.pardot.com 6 visitor_id# [x3]Used in context with Account-Based-Marketing (ABM). The cookie registers data such as IP-addresses, time spent on the website and page requests for the visit. This is used for retargeting of multiple users rooting from the same IP-addresses. ABM usually facilitates B2B marketing purposes. Expiry: 10 yearsType: HTTP visitor_id#-hash [x3]Used to encrypt and contain visitor data. This is necessary for the security of the user data. Expiry: 10 yearsType: HTTP Adobe 2 Learn more about this provider demdexVia a unique ID that is used for semantic content analysis, the user's navigation on the website is registered and linked to offline data from surveys and similar registrations to display targeted ads. Expiry: 179 daysType: HTTP dpmSets a unique ID for the visitor, that allows third party advertisers to target the visitor with relevant advertisement. This pairing service is provided by third party advertisement hubs, which facilitates real-time bidding for advertisers. Expiry: 179 daysType: HTTP Bluekai.com 1 Learn more about this provider site/#Pending Expiry: SessionType: Pixel Clickagy 1 Learn more about this provider pixel.gifCollects information on user preferences and/or interaction with web-campaign content - This is used on CRM-campaign-platform used by website owners for promoting events or products. Expiry: SessionType: Pixel Google 7 Learn more about this provider IDEUsed by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. Expiry: 1 yearType: HTTP pagead/landing [x2]Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement - This also allows the website to limit the number of times that they are shown the same advertisement. Expiry: SessionType: Pixel test_cookieUsed to check if the user's browser supports cookies. Expiry: 1 dayType: HTTP ads/ga-audiencesUsed by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites. Expiry: SessionType: Pixel pagead/1p-user-list/#Tracks if the user has shown interest in specific products or events across multiple websites and detects how the user navigates between sites. This is used for measurement of advertisement efforts and facilitates payment of referral-fees between websites. Expiry: SessionType: Pixel _gac_UA-#Stores information about ad campaigns from Google Adwords to show targeted ads to the visitor. Expiry: 3 monthsType: HTTP LinkedIn 4 Learn more about this provider bcookieUsed by the social networking service, LinkedIn, for tracking the use of embedded services. Expiry: 1 yearType: HTTP bscookieUsed by the social networking service, LinkedIn, for tracking the use of embedded services. Expiry: 1 yearType: HTTP lidcUsed by the social networking service, LinkedIn, for tracking the use of embedded services. Expiry: 1 dayType: HTTP UserMatchHistoryUsed to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences. Expiry: 29 daysType: HTTP Lotame 1 Learn more about this provider _cc_ccCollects statistical data related to the user's website visits, such as the number of visits, average time spent on the website and what pages have been loaded. The purpose is to segment the website's users according to factors such as demographics and geographical location, in order to enable media and marketing agencies to structure and understand their target groups to enable customised online advertising. Expiry: SessionType: HTTP Microsoft 9 Learn more about this provider MUID [x2]Used widely by Microsoft as a unique user ID. The cookie enables user tracking by synchronising the ID across many Microsoft domains. Expiry: 1 yearType: HTTP SRM_BTracks the user’s interaction with the website’s search-bar-function. This data can be used to present the user with relevant products or services. Expiry: 1 yearType: HTTP ANONCHKRegisters data on visitors from multiple visits and on multiple websites. This information is used to measure the efficiency of advertisement on websites. Expiry: 1 dayType: HTTP SMRegisters a unique ID that identifies the user's device during return visits across websites that use the same ad network. The ID is used to allow targeted ads. Expiry: SessionType: HTTP _uetsidCollects data on visitor behaviour from multiple websites, in order to present more relevant advertisement - This also allows the website to limit the number of times that they are shown the same advertisement. Expiry: 1 dayType: HTML _uetsid_expContains the expiry-date for the cookie with corresponding name. Expiry: PersistentType: HTML _uetvidUsed to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences. Expiry: 1 yearType: HTML _uetvid_expContains the expiry-date for the cookie with corresponding name. Expiry: PersistentType: HTML Neustar 1 Learn more about this provider uCollects data on user visits to the website, such as what pages have been accessed. The registered data is used to categorise the user's interest and demographic profiles in terms of resales for targeted marketing. Expiry: 1 yearType: HTTP Openx 1 Learn more about this provider w/1.0/cmPresents the user with relevant content and advertisement. The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers. Expiry: SessionType: Pixel Reddit 2 Learn more about this provider rp.gifNecessary for the implementation of the Reddit.com's share-button function. Expiry: SessionType: Pixel _rdt_uuidUsed to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences. Expiry: 3 monthsType: HTTP Salesforce 1 Learn more about this provider lpv#Used in context with behavioral tracking by the website. The cookie registers the user’s behavior and navigation across multiple websites and ensures that no tracking errors occur when the user has multiple browser-tabs open. Expiry: 1 dayType: HTTP Spotify 2 Learn more about this provider sp_landingUsed to implement audio-content from Spotify on the website. Can also be used to register user interaction and preferences in context with audio-content - This can serve statistics and marketing purposes. Expiry: 1 dayType: HTTP sp_tUsed to implement audio-content from Spotify on the website. Can also be used to register user interaction and preferences in context with audio-content - This can serve statistics and marketing purposes. Expiry: 1 yearType: HTTP Twitter Inc. 1 Learn more about this provider RichHistoryCollects data on visitors' preferences and behaviour on the website - This information is used make content and advertisement more relevant to the specific visitor. Expiry: SessionType: HTML YouTube 6 Learn more about this provider VISITOR_INFO1_LIVETries to estimate the users' bandwidth on pages with integrated YouTube videos. Expiry: 179 daysType: HTTP YSCRegisters a unique ID to keep statistics of what videos from YouTube the user has seen. Expiry: SessionType: HTTP yt.innertube::nextIdRegisters a unique ID to keep statistics of what videos from YouTube the user has seen. Expiry: PersistentType: HTML yt.innertube::requestsRegisters a unique ID to keep statistics of what videos from YouTube the user has seen. Expiry: PersistentType: HTML ytidb::LAST_RESULT_ENTRY_KEYStores the user's video player preferences using embedded YouTube video Expiry: PersistentType: HTML yt-remote-cast-availableStores the user's video player preferences using embedded YouTube video Expiry: SessionType: HTML Unclassified 6 Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies. content.lansweeper.com 2 bp/channel-web/user-langPending Expiry: PersistentType: HTML bp/socket/userPending Expiry: PersistentType: HTML explorer.land 1 authstrategyPending Expiry: SessionType: HTTP js.qualified.com 2 __q_domainTestPending Expiry: SessionType: HTTP __q_state_WS5PgPnPfYC908kKPending Expiry: 10 yearsType: HTTP www.lansweeper.com 1 ls_currencyPending Expiry: SessionType: HTTP Cross-domain consent[#BULK_CONSENT_DOMAINS_COUNT#] [#BULK_CONSENT_TITLE#] List of domains your consent applies to: [#BULK_CONSENT_DOMAINS#] Cookie declaration last updated on 15.08.22 by Cookiebot [#IABV2_TITLE#] [#IABV2_BODY_INTRO#] [#IABV2_BODY_LEGITIMATE_INTEREST_INTRO#] [#IABV2_BODY_PREFERENCE_INTRO#] [#IABV2_LABEL_PURPOSES#] [#IABV2_BODY_PURPOSES_INTRO#] [#IABV2_BODY_PURPOSES#] [#IABV2_LABEL_FEATURES#] [#IABV2_BODY_FEATURES_INTRO#] [#IABV2_BODY_FEATURES#] [#IABV2_LABEL_PARTNERS#] [#IABV2_BODY_PARTNERS_INTRO#] [#IABV2_BODY_PARTNERS#] You consent to our cookies if you continue to use our website. [#OOI_PERSONAL_INFORMATION#] Use necessary cookies only Allow selection Customize Allow all cookies Powered by Cookiebot by Usercentrics Skip to content * Leverage the power of our NEW Lansweeper Community - Learn More * Why Lansweeper KNOW YOUR IT The foundation for efficient IT Management. Why Lansweeper? Why IT Asset Management? Customer Success Stories BY ROLE Complete visibility for everyone. for System Administrators for IT Managers for C-Suite for Cybersecurity Teams for IT Support for IT Service Providers BY USE CASE Fuel any IT scenario. Discover & Inventory My IT Assets Replace Inventory Spreadsheets Enhance Cybersecurity Improve CMDB Data Quality Discover & Inventory My OT Assets Optimize Software Assets Achieve Service Desk Excellence Explore All Use Cases BY INDUSTRY Flexibility for your industry. Education Healthcare Manufacturing Public Sector Retail Financial Services * Platform Lansweeper Platform Overview All Technology Asset Intelligence in 1 place. Learn More View All Features IT Asset Discovery In-depth discovery across the IT estate. IT Asset Inventory Always up-to-date with actionable insights. Embedded Technologies Enhance your product with our APIs & SDKs. IT Asset Analytics Drive change with IT data. Integrations Fuel any IT scenario. Introducing Lansweeper Cloud NEW Built for global organizations to fuel any IT scenario. Learn More * Pricing * Resources LEARN Reach the full Lansweeper potential. Blog New Articles Product Demo Webinars & Events Ebooks & White Papers PRODUCT HELP & RESOURCES How to set up and use Lansweeper. Knowledge Base Help Center Community New Tutorials Report Library Patch Tuesday Audit Vulnerability Audit Reports Download LsAgent Free Trial SUCCESS STORIES How organizations use Lansweeper. RADISSON HOTEL GROUP GAINS GLOBAL VISIBILITY WITH LANSWEEPER CLOUD Read More Stories PARTNERS Explore our partner ecosystem. Partner Ecosystem Solution Partners Find a Solution Partner Integration Partners * Contact Us * Try for Free X STILL VULNERABLE TO THE TOP 8 MOST EXPLOITED VULNERABILITIES? Home > Vulnerability > Still Vulnerable to the Top 8 Most Exploited Vulnerabilities? * June 4, 2020 * By Nils Macharis * Categories: Cybersecurity, Vulnerability THE MOST EXPLOITED VULNERABILITIES IN 2016-2019 AS REPORTED BY THE FBI ⚡ TL;DR | Go Straight to Audit Report It probably won't surprise you that 7 of the 8 most exploited software vulnerabilities are to be found in Microsoft products. Their widespread use across organizations and institutions makes them an ideal candidate for cybercriminals. According to U.S. Government technical analysis, malicious cyber actors most often exploit vulnerabilities in Microsoft's Object Linking and Embedding (OLE) technology. OLE allows documents to contain embedded content from other applications such as spreadsheets. But also Adobe Flash Player makes it to the list. OLDER UNPATCHED SYSTEMS ARE VULNERABLE FOR CYBERSECURITY ATTACKS A recent report on the most exploited vulnerabilities by the Cybersecurity & Infrastructure Security Agency (CISA) and the FBI listed the most routinely exploited vulnerabilities in the wild. The interesting thing is that most of these vulnerabilities are pretty old, yet cyber criminals have no problem to continue exploiting these publicly known software vulnerabilities to gain access to your network. The cited reason for this is that the exploitation of these known vulnerabilities often requires fewer resources as compared with new zero-day exploits. The silver lining in this is that all of them have patches available and could be easily fixed by identifying which machines on your network are still running outdated software. This can require a significant investment of resources, particularly when mitigating multiple flaws at the same time. To help you get started, we have created a dedicated Lansweeper report, which will flag any device on your network vulnerable to any of those exploits. Get the Audit Report Note: The lists of associated malware corresponding to each CVE number below is not meant to be exhaustive but instead is intended to identify a malware family commonly associated with exploiting the CVE. Included are their CVE numbers, vulnerable products, associated malware, and mitigation strategies. WHICH SOFTWARE VULNERABILITIES ARE EXPLOITED THE MOST? CVE-2017-11882 * Vulnerable Products: Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 Products * Associated Malware: Loki, FormBook, Pony/FAREIT * Mitigation: Update affected Microsoft products with the latest security patches * More Detail: CVE-2017-11882 * IOCs: AR20-133E CVE-2017-0199 * Vulnerable Products: Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016, Vista SP2, Server 2008 SP2, Windows 7 SP1, Windows 8.1 * Associated Malware: FINSPY, LATENTBOT, Dridex * Mitigation: Update affected Microsoft products with the latest security patches * More Detail: CVE-2017-0199 * IOCs: AR20-133G, AR20-133H, AR20-133P CVE-2012-0158 * Vulnerable Products: Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 * Associated Malware: Dridex * Mitigation: Update affected Microsoft products with the latest security patches * More Detail: * AA19-339A * CVE-2012-0158 * IOCs: AR20-133I, AR20-133J, AR20-133K, AR20-133L, AR20-133N, AR20-133O CVE-2019-0604 * Vulnerable Products: Microsoft SharePoint * Associated Malware: China Chopper * Mitigation: Update affected Microsoft products with the latest security patches * More Detail: CVE-2019-0604 CVE-2017-0143 * Vulnerable Products: Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 * Associated Malware: Multiple using the EternalSynergy and EternalBlue Exploit Kit * Mitigation: Update affected Microsoft products with the latest security patches * More Detail: CVE-2017-0143 CVE-2018-4878 * Vulnerable Products: Adobe Flash Player before 28.0.0.161 * Associated Malware: DOGCALL * Mitigation: Update Adobe Flash Player installation to the latest version * More Detail: CVE-2018-4878 * IOCs: AR20-133D CVE-2017-8759 * Vulnerable Products: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 * Associated Malware: FINSPY, FinFisher, WingBird * Mitigation: Update affected Microsoft products with the latest security patches * More Detail: CVE-2017-8759 * IOCs: AR20-133F CVE-2015-1641 * Vulnerable Products: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 * Associated Malware: Toshliph, UWarrior * Mitigation: Update affected Microsoft products with the latest security patches * More Detail: CVE-2015-1641 * IOCs: AR20-133M FIND ALL VULNERABLE DEVICES ON YOUR NETWORK Similar to our monthly Patch Tuesday reports, we've created a dedicated audit report that checks if the assets in your network are vulnerable to any of these 8 exploits. It's color-coded to give you an easy and quick overview of which assets are vulnerable, and which ones still need to be patched. All admins are advised to install these security updates as soon as possible. Get the Audit Report At Lansweeper, cybersecurity is one of our cornerstone use cases. Why? The first step in protecting anything is knowing that an asset exists. It sounds so simple, but a solid cybersecurity program requires reliable inventory and discovery as its foundation. Lansweeper holds more than 450 built-in network reports, but ad-hoc vulnerabilities mostly require a custom vulnerability report to assess if you're vulnerable and need to update. We regularly create custom hardware and software reports to address known issues. If you haven't already, start your free trial of Lansweeper to run this report. Make sure to subscribe via the form below if you want to receive other vulnerability reports for free. RECEIVE THE LATEST VULNERABILITY REPORTS FOR FREE * Email* * Hidden EmailType * Name This field is for validation purposes and should be left unchanged. Share on facebook Share on twitter Share on linkedin Share on reddit Share on email YOU MAY ALSO LIKE... WINDOWS 11 & SERVER 2022 CONTAIN DATA DAMAGE BUG August 9, 2022 CRITICAL VULNERABILITY IN 29 MODELS OF DRAYTEK ROUTERS August 8, 2022 TRY LANSWEEPER FOR FREE LEARN WHY LANSWEEPER IS USED BY THOUSANDS OF ENTERPRISES WORLDWIDE. Download Lansweeper PRODUCT * Why Lansweeper * Use Cases * Platform Overview * Integrations * Embedded Technologies * Pricing * Changelog * Early Adopter Program * Status KEY FEATURES * IT Asset Inventory * Hardware Asset Management * Software Asset Management * User Management * IP Scanner * Switch Port Mapping * All Features COMPANY * About * Contact * Careers - We're Hiring! * News * Brand Assets PARTNERS * Partner Ecosystem * Solution Partners * Integration Partners RESOURCES * Blog * Customer Success Stories * Product Demo * Report Library * Download Lansweeper * Download LsAgent CONTACT Talk to Sales HELP CENTER * Knowledge Base * Community * Contact Support NEWSLETTER Get your hands on the latest news, vulnerability updates & network reports. * Email * Hidden EmailType * Name This field is for validation purposes and should be left unchanged. Facebook Twitter Youtube Linkedin Reddit * Copyright © 2022 Lansweeper * Trust Center * Privacy Policy * Cookie declaration * Terms of use * Reselling Terms Notifications