Date: 2020-02-05

Rob is deputy editor at Verdict. You can reach him at robert.scammell@verdict.co.uk

Cybercriminals are forever on the hunt for the latest software vulnerabilities to exploit. Cybersecurity professionals race to patch them up. But with more than 12,000 common vulnerabilities and exposures (CVEs) reported in 2019, knowing which to focus on can be a daunting prospect.

To help infosec workers prioritise, researchers at cybersecurity firm Recorded Future analysed last year’s top vulnerabilities to create a list of the top ten most commonly exploited software vulnerabilities of 2019.

Eight out of 10 security flaws affected Microsoft, with four of those targeting Windows Explorer. The remaining two target Adobe Flash Player, with one Adobe vulnerability the most exploited of the year.

Meanwhile, six of the vulnerabilities were from 2018, suggesting companies and individuals are not being proactive enough in rolling out fixes.

The good news is that there are patches available for all of the ten most exploited software vulnerabilities of 2019.

Here are the top ten software flaws, in order of most exploited. For more information and advice, the full Recorded Future report can be found here.

Ten most exploited software vulnerabilities of 2019

1) CVE-2018-15982 – Adobe Flash Player

Associated malware: Fallout Exploit Kit, Spelevo Exploit Kit, ThreadKit, GreenFlash Sundown, Lord Exploit Kit, GandCrab, Capesand Exploit Kit, Maze Ransomware.

Common vulnerability scoring system (CVSS): 10/10

2) CVE-2018-8174 – Microsoft Internet Explorer

Associated malware: SLUB, Fallout Exploit Kit, KaiXin Exploit Kit, LCG Kit Exploit Kit, Magnitude Exploit Kit, RIG Exploit Kit, Trickbot, Underminer Exploit Kit, Capesand Exploit Kit, Dridex, IcedID, Buran Ransomware, GandCrab.

CVSS: 7.6

3) CVE-2017-11882 – Microsoft Office

Associated malware: Agent Tesla Keylogger, Artemis, Formbook, Nanocore, PowerShower, Loki, Heur, Chanitor, Trillium Security Multisploit Tool, Emotet, Silent Doc Exploit, ThreadKit, VenomKit.

CVSS: 9.3

4) CVE-2018-4878 – Adobe Flash Player

Associated malware: GandCrab, Fallout Exploit Kit, RIG Exploit Kit, Spelevo, Capesand Exploit Kit, GreenFlash Exploit Kit, Hermes Ransomware, Sundown Exploit Kit, ThreadKit Exploit Kit.

CVSS: 7.5

5) CVE-2019-0752 – Microsoft Internet Explorer

Associated malware: SLUB, Capesand Exploit Kit.

CVSS: 7.6

6) CVE-2017-0199 – Microsoft Office

Associated malware: njRAT, RevengeRat, Pony, QuasarRAT, REMCOS RAT, SHUTTERSPEED, Silent Doc Exploit Kit, ThreadKit Exploit Kit.

CVSS: 9.3

7) CVE-2015-2419 – Microsoft Internet Explorer

Associated malware: Capesand Exploit Kit, Sundown Exploit Kit.

CVSS: 9.3

8) CVE-2018-20250 – Microsoft WinRAR

Associated malware: BalkanRAT

CVSS: 6.8

9) CVE-2017-8750 – Microsoft Internet Explorer

Associated malware: ThreadKit Exploit Kit, QuasarRat

CVSS: 7.6

10) CVE-2012-0158 – Microsoft Office

Associated malware: Silent Doc Exploit

CVSS: 9.3
