Attacks targeting a remote code execution vulnerability in Microsoft’s MSHTML browser engine, which was patched last September, soared during the second quarter of this year, according to a Kaspersky analysis.
Researchers from Kaspersky counted at least 4,886 attacks targeting the flaw (CVE-2021-40444) last quarter, an eightfold increase over the first quarter of 2022. The security vendor attributed the continued adversary interest in the vulnerability to the ease with which it can be exploited.
Kaspersky said it has observed threat actors exploiting the flaw in attacks on organizations across multiple sectors, including the energy and industrial sectors, research and development, IT companies, and financial and medical technology firms. In many of these attacks, the adversaries have used social engineering tricks to try to get victims to open specially crafted Office documents that would then download and execute a malicious script. The flaw was under active attack at the time Microsoft first disclosed it in September 2021.
The attacks targeting the MSHTML flaw were part of a broader set of exploit activity last quarter that overwhelmingly targeted Microsoft vulnerabilities. According to Kaspersky, exploits for Windows vulnerabilities accounted for 82% of all exploits across all platforms during the second quarter of 2022. While attacks on the MSHTML vulnerability increased the most dramatically, it was by no means the most exploited flaw.
Old Is Gold for Threat Actors
Kaspersky’s telemetry showed far more attacks on a handful of other vulnerabilities from 2018 and 2017. One of them was CVE-2018-0802, a remote code execution (RCE) vulnerability in Microsoft Office that was attacked some 345,827 times last quarter. Another similar memory corruption flaw from 2017 (CVE-2017-11882) was targeted in 140,623 attacks, while a Microsoft Office/WordPad remote code execution flaw also from 2017 (CVE-2017-0199) was involved in 60,132 attacks.
The so-called Follina vulnerability in Microsoft Support Diagnostic Tool (MSDT) (CVE-2022-30190) was among the most targeted of recent vulnerabilities. The RCE flaw was one of at least five zero-day flaws that Microsoft has disclosed this year.
In total, Kaspersky found vulnerabilities in older versions of Microsoft Office being used in attacks against more than half a million users in the second quarter. The attacks are another reminder of how unpatched vulnerabilities in older technologies remain a popular and highly attractive target for threat actors, the security vendor noted. “Outdated versions of applications remain the main targets for attackers, with nearly 547,000 users in total being affected by corresponding vulnerabilities in the last quarter,” Kaspersky said.
Kaspersky’s report is another reminder of why security experts advocate fast patching of Microsoft vulnerabilities. Recent data has shown attackers have become much faster at exploiting flaws than before. A study that Rapid7 conducted last year showed that the mean time to known exploitation for vulnerabilities in 2021 was just 12 days, a 71% decrease from 42 days in 2020. The company explained the numbers as being driven by a sharp rise in zero-day exploit activity. “A drastic reduction in time to exploitation year over year signifies that not only are well-worn emergency patching procedures needed, incident response protocols are likely to require repeated use as well,” Rapid7 noted at the time.