Patch Priorities: 10 Vulnerabilities You Should Pay Attention To

Not all vulnerabilities are created equal: those that threat actors are actually exploiting carry more weight. Last month, Digital Shadows reported on ten software vulnerabilities that were publicly reported as exploited by threat actors during April 2018. The motives behind these attacks included information theft, espionage, financial profit and disruption. The three key takeaways were:

  1. Drupal vulnerabilities among the highest-severity vulnerabilities. CVE-2018-7600 is a remote code execution (RCE) vulnerability in the Drupal content management system (CMS), affecting Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6 and 8.5.x before 8.5.1. According to public reports it was the most targeted vulnerability of April 2018, mostly by actors deploying cryptocurrency miners, but it was also exploited to build a botnet used for distributed denial of service (DDoS) attacks. A second Drupal vulnerability, CVE-2018-7602, was disclosed later in the month; patches are available, but a threat actor has already reportedly exploited it to deface a Ukrainian government website. The two flaws are fixed by separate releases, so an instance patched against CVE-2018-7600 alone is still exposed to CVE-2018-7602 until it is updated again. Both Drupal vulnerabilities are highly likely to continue to be exploited in the near future.
  2. Eternal blues. Attackers continue to exploit CVE-2017-0143 and CVE-2017-0145, two of the SMBv1 flaws fixed by Microsoft's MS17-010 update in March 2017 and targeted by the ETERNALBLUE and ETERNALROMANCE exploits. The Shadow Brokers group publicly released those exploits in April 2017, and they have been used in a variety of campaigns since. Both attacks exploiting these flaws in April 2018 were financially motivated: a cryptocurrency-mining campaign and a ransomware campaign. Where MS17-010 cannot be applied, disabling the SMBv1 server and blocking TCP port 445 from untrusted networks removes the attack surface these exploits rely on.
  3. CVE-2017-11882 has longevity. This Microsoft Office memory corruption vulnerability, a buffer overflow in the legacy Equation Editor component (EQNEDT32.EXE), allows remote code execution when a user opens a crafted document. It has been targeted continuously since November 2017, when Microsoft released a patch and proof-of-concept code was published, and more exploitation attempts are highly likely in the short term (the next three months). CVE-2018-0802, also in the table, is a second Equation Editor flaw patched in January 2018, so confirming the November 2017 update alone does not close this attack surface.

The table below provides an overview of the ten vulnerabilities, including an indication of how widely they were discussed across social media and other sources that hint at their popularity with attackers. Specifically, it shows:

  • The CVE identifier (linked in the original post to the entry in the United States National Vulnerability Database, NVD)
  • A description of the vulnerability type and the affected system versions
  • The motivations observed behind the attacks that exploited it
  • The number of incidents involving the vulnerability that Digital Shadows reported on during April 2018
  • The severity of the vulnerability as assigned by the NVD
  • Whether a patch is available (linked in the original post to further details)

| CVE number | Description | Observed motivations | Number of DS incidents | NVD severity | Patch status |
|---|---|---|---|---|---|
| CVE-2018-7600 | RCE vulnerability in Drupal CMS before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6 and 8.5.x before 8.5.1 | Financial and disruption | 3 | Critical | Patch available |
| CVE-2017-8570 | RCE vulnerability in Microsoft Office | Information theft | 2 | High | Patch available |
| CVE-2018-7602 | RCE vulnerability in Drupal core 7.x and 8.x | Financial and disruption | 1 | TBD, awaiting analysis | Patch available |
| CVE-2016-3353 | RCE vulnerability in Microsoft Internet Explorer 9 through 11 | Financial | 1 | High | Patch available |
| CVE-2018-0802 | RCE vulnerability in the Equation Editor of Microsoft Office 2007, 2010, 2013 and 2016 | Information theft | 1 | High | Patch available |
| CVE-2018-0171 | RCE vulnerability in the Smart Install feature of Cisco IOS and Cisco IOS XE Software | Disruption | 1 | Critical | Patch available |
| CVE-2015-3636 | Local privilege escalation in the Linux kernel before 4.0.3 | Information theft | 1 | Medium | Patch available |
| CVE-2017-11882 | Memory corruption in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1 and 2016 allowing an attacker to run arbitrary code | Financial | 1 | High | Patch available |
| CVE-2017-0145 | RCE vulnerability in the SMBv1 server of Windows Vista SP2; Server 2008 SP2 and R2 SP1; 7 SP1; 8.1; Server 2012 Gold and R2; RT 8.1; 10 Gold, 1511 and 1607; Server 2016 | Financial | 1 | High | Patch available |
| CVE-2017-0143 | RCE vulnerability in the SMBv1 server of Windows Vista SP2; Server 2008 SP2 and R2 SP1; 7 SP1; 8.1; Server 2012 Gold and R2; RT 8.1; 10 Gold, 1511 and 1607; Server 2016 | Financial | 1 | High | Patch available |

Table 1: Summary of vulnerabilities reported as exploited in April 2018

It is a constant challenge to decide which patches to apply first, and the information in this post can feed into that decision. If you run any of the applications, systems and services listed above, these are the ten vulnerabilities you should be paying attention to. The next post in this series will provide a similar analysis of vulnerabilities for May 2018.
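Turning Table 1 and the prioritisation point above into something a patch team can run, as an added example that is not Digital Shadows' tooling: the script below ranks the ten CVEs by in-the-wild incident count and then NVD severity, and checks a deployed Drupal version against the affected ranges, where every supported branch has its own fixed release (7.58, 8.3.9, 8.4.6 and 8.5.1 for CVE-2018-7600). The ranges for CVE-2018-7602 (7.59, 8.4.8, 8.5.3) are taken from Drupal's SA-CORE-2018-004 advisory rather than from the table; the product keys, the ranking rules and the decision to rank the unscored "TBD" severity alongside Critical are this example's own choices.

```python
"""Rank the CVEs in Table 1 and test a deployed Drupal build against the
affected ranges.  Added example, not Digital Shadows' code.

Table rows are transcribed from Table 1.  The CVE-2018-7602 ranges (before
7.59, 8.4.x before 8.4.8, 8.5.x before 8.5.3) come from Drupal's
SA-CORE-2018-004 advisory, not from the table; product keys, ranking rules
and the treatment of unscored severities are this example's own choices.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'8.3.9' -> (8, 3, 9).  Compare integer tuples, not strings: as
    strings '8.10.0' sorts before '8.9.0'."""
    return tuple(int(part) for part in text.strip().split("."))


def on_branch(version: Version, branch: str) -> bool:
    b = parse_version(branch)
    return version[: len(b)] == b


@dataclass(frozen=True)
class AffectedRange:
    """'8.4.x before 8.4.6' -> AffectedRange('8.4', '8.4.6');
    'before 7.58'          -> AffectedRange('7', '7.58').
    Every supported branch carries its own fixed release, so a single
    'fixed in 8.3.9' test would wrongly clear 8.4.5 and 8.5.0."""
    branch: str
    fixed_in: str

    def contains(self, version: str) -> bool:
        v = parse_version(version)
        return on_branch(v, self.branch) and v < parse_version(self.fixed_in)


@dataclass(frozen=True)
class Entry:
    cve: str
    product: str
    incidents: int                        # "Number of DS incidents" column
    severity: str                         # NVD label, or "TBD" if unscored
    ranges: Tuple[AffectedRange, ...] = ()


TABLE_1: List[Entry] = [
    Entry("CVE-2018-7600", "drupal", 3, "Critical", (
        AffectedRange("7", "7.58"), AffectedRange("8", "8.3.9"),
        AffectedRange("8.4", "8.4.6"), AffectedRange("8.5", "8.5.1"))),
    Entry("CVE-2017-8570", "microsoft_office", 2, "High"),
    Entry("CVE-2018-7602", "drupal", 1, "TBD", (
        AffectedRange("7", "7.59"),
        AffectedRange("8.4", "8.4.8"), AffectedRange("8.5", "8.5.3"))),
    Entry("CVE-2016-3353", "internet_explorer", 1, "High"),
    Entry("CVE-2018-0802", "microsoft_office", 1, "High"),
    Entry("CVE-2018-0171", "cisco_ios", 1, "Critical"),
    Entry("CVE-2015-3636", "linux_kernel", 1, "Medium"),
    Entry("CVE-2017-11882", "microsoft_office", 1, "High"),
    Entry("CVE-2017-0145", "windows_smbv1", 1, "High"),
    Entry("CVE-2017-0143", "windows_smbv1", 1, "High"),
]

# Drupal branches that received a fix for every Drupal CVE in the table.
# 8.3.x and older got no CVE-2018-7602 release, so "no range matched" on
# those branches means "unsupported, still vulnerable", not "safe".
DRUPAL_BRANCHES_WITH_FIXES = ("7", "8.4", "8.5")

SEVERITY_RANK: Dict[str, int] = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}


def severity_rank(label: str) -> int:
    # "TBD, awaiting analysis" is not "low".  Until NVD scores it, rank it
    # alongside Critical (conservative choice made for this example).
    return SEVERITY_RANK.get(label, SEVERITY_RANK["Critical"])


def prioritise(entries: List[Entry]) -> List[str]:
    """Most in-the-wild incidents first (the post's thesis), then NVD
    severity, then the CVE ID so ties are stable."""
    ordered = sorted(entries,
                     key=lambda e: (-e.incidents, -severity_rank(e.severity), e.cve))
    return [e.cve for e in ordered]


def drupal_exposure(version: str) -> Tuple[bool, List[str]]:
    """(branch has fixes?, CVEs from Table 1 whose ranges include version)."""
    v = parse_version(version)
    supported = any(on_branch(v, b) for b in DRUPAL_BRANCHES_WITH_FIXES)
    hits = [e.cve for e in TABLE_1
            if e.product == "drupal" and any(r.contains(version) for r in e.ranges)]
    return supported, hits


if __name__ == "__main__":
    print(prioritise(TABLE_1))
    # 8.5.2 carries the CVE-2018-7600 fix but not the CVE-2018-7602 one.
    for v in ("8.4.5", "8.5.2", "8.3.9", "7.58", "7.59"):
        print(v, drupal_exposure(v))
```

Running it shows the trap the table's version ranges hide: 8.5.2 is clean for CVE-2018-7600 and still exposed to CVE-2018-7602, 7.58 likewise, and an 8.3.9 build matches nothing while sitting on a branch that never received the second fix, which the checker reports as unsupported rather than safe.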
