Security News > 2021 > May > Microsoft, Adobe Exploits Top List of Crooks’ Wish List

Microsoft, Adobe Exploits Top List of Crooks’ Wish List
2021-05-18 12:32

You can't possibly patch all CVEs, so focus on the exploits crooks are willing to pay for, as tracked in a study of the underground exploit market.

A year-long study into the underground market for exploits in cybercriminal forums shows that crooks are salivating for Microsoft bugs, which are far and away the most requested and most sold exploits.

A second data point shows that 61 percent of sold exploits targeted Microsoft products, including Office, Windows, Internet Explorer and Microsoft Remote Desktop Protocol.

The crooks are going after fresh, tender new vulnerabilities, with 52 percent of exploits on their wish list being less than 2 years old: an age bracket that also accounts for 54 percent of exploits being sold.

Of the "Outdated" exploits being sold, 45 percent were Microsoft-flavored, with the second crook crowd-pleaser being Adobe exploits.

Keep in mind that Microsoft and Adobe exploits are hot-ticket items: "It's simply unrealistic to think you can patch everything," Fuentes noted.


News URL

https://threatpost.com/top-microsoft-adobe-exploits-list/166241/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774
Adobe 112 77 1333 1988 640 4038