Cybercriminals are forever on the hunt for the latest software vulnerabilities to exploit. Cybersecurity professionals race to patch them up. But with more than 12,000 common vulnerabilities and exposures (CVEs) reported in 2019, knowing which to focus on can be a daunting prospect.

To help infosec workers prioritise, researchers at cybersecurity firm Recorded Future analysed last year’s top vulnerabilities to create a list of the top ten most commonly exploited software vulnerabilities of 2019.

Eight out of 10 security flaws affected Microsoft, with four of those targeting Windows Explorer. The remaining two target Adobe Flash Player, with one Adobe vulnerability the most exploited of the year.

Meanwhile, six of the vulnerabilities were from 2018, suggesting companies and individuals are not being proactive enough in rolling out fixes.

The good news is that there are patches available for all of the ten most exploited software vulnerabilities of 2019.

Here are the top ten software flaws, in order of most exploited. For more information and advice, the full Recorded Future report can be found here.

Ten most exploited software vulnerabilities of 2019

1) CVE-2018-15982 – Adobe Flash Player

Associated malware: Fallout Exploit Kit, Spelevo Exploit Kit, ThreadKit, GreenFlash Sundown, Lord Exploit Kit, GandCrab, Capesand Exploit Kit, Maze Ransomware.

Common vulnerability scoring system (CVSS): 10/10

2) CVE-2018-8174 – Microsoft Internet Explorer

Associated malware: SLUB, Fallout Exploit Kit, KaiXin Exploit Kit, LCG Kit Exploit Kit, Magnitude Exploit Kit, RIG Exploit Kit, Trickbot, Underminer Exploit Kit, Capesand Exploit Kit, Dridex, IcedID, Buran Ransomware, GandCrab.

CVSS: 7.6

3) CVE-2017-11882 – Microsoft Office

Associated malware: Agent Tesla Keylogger, Artemis, Formbook, Nanocore, PowerShower, Loki, Heur, Chanitor, Trillium Security Multisploit Tool, Emotet, Silent Doc Exploit, ThreadKit, VenomKit.

CVSS: 9.3

4) CVE-2018-4878 – Adobe Flash Player

Associated malware: GandCrab, Fallout Exploit Kit, RIG Exploit Kit, Spelevo, Capesand Exploit Kit, GreenFlash Exploit Kit, Hermes Ransomware, Sundown Exploit Kit, ThreadKit Exploit Kit.

CVSS: 7.5

5) CVE-2019-0752 – Microsoft Internet Explorer

Associated malware: SLUB, Capesand Exploit Kit.

CVSS: 7.6

6) CVE-2017-0199 – Microsoft Office

Associated malware: njRAT, RevengeRAT, Pony, QuasarRAT, REMCOS RAT, SHUTTERSPEED, Silent Doc Exploit Kit, ThreadKit Exploit Kit.

CVSS: 9.3

7) CVE-2015-2419 – Microsoft Internet Explorer

Associated malware: Capesand Exploit Kit, Sundown Exploit Kit.

CVSS: 9.3

8) CVE-2018-20250 – Microsoft WinRAR

Associated malware: BalkanRAT

CVSS: 6.8

9) CVE-2017-8750 – Microsoft Internet Explorer

Associated malware: ThreadKit Exploit Kit, QuasarRAT

CVSS: 7.6

10) CVE-2012-0158 – Microsoft Office

Associated malware: Silent Doc Exploit

CVSS: 9.3

