Security News > 2021 > May > Microsoft, Adobe Exploits Top List of Crooks’ Wish List
You can't possibly patch all CVEs, so focus on the exploits crooks are willing to pay for, as tracked in a study of the underground exploit market.
A year-long study into the underground market for exploits in cybercriminal forums shows that crooks are salivating for Microsoft bugs, which are far and away the most requested and most sold exploits.
A second data point shows that 61 percent of sold exploits targeted Microsoft products, including Office, Windows, Internet Explorer and Microsoft Remote Desktop Protocol.
The crooks are going after fresh, tender new vulnerabilities, with 52 percent of exploits on their wish list being less than 2 years old: an age bracket that also accounts for 54 percent of exploits being sold.
Of the "Outdated" exploits being sold, 45 percent were Microsoft-flavored, with the second crook crowd-pleaser being Adobe exploits.
Keep in mind that Microsoft and Adobe exploits are hot-ticket items: "It's simply unrealistic to think you can patch everything," Fuentes noted.
News URL
https://threatpost.com/top-microsoft-adobe-exploits-list/166241/
Related news
- New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials (source)
- Threat Actors Exploit Microsoft Sway to Host QR Code Phishing Campaigns (source)
- Adobe fixes Acrobat Reader zero-day with public PoC exploit (source)
- Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869) (source)
- Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing (source)