Security News > 2021 > July > 22% of exploits for sale in underground forums are more than three years old

22% of exploits for sale in underground forums are more than three years old
2021-07-15 06:00

Trend Micro released a research urging organizations to focus patching efforts on the vulnerabilities that pose the greatest risk to their organization, even if they are years old.

Older exploits for sale more popular with criminals.

The research found that 22% of exploits for sale in underground forums are more than three years old.

"The lifespan of a vulnerability or exploit does not depend on when a patch becomes available to stop it. In fact, older exploits are cheaper and therefore may be more popular with criminals shopping in underground forums. Virtual patching remains the best way to mitigate the risks of known and unknown threats to your organization."

The oldest exploit sold in the underground was for CVE-2012-0158, a Microsoft RCE. CVE-2016-5195, known as the Dirty Cow exploit, is still ongoing after five years.

Access-as-a-Service has the advantages of an exploit, but all the hard work has already been done for the buyer, with underground prices starting at $1000.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/1Jws7icw3YM/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2016-11-10 CVE-2016-5195 Race Condition vulnerability in multiple products
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." 		7.0
7.0
2012-04-10 CVE-2012-0158 Code Injection vulnerability in Microsoft products
The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."
network
low complexity
microsoft CWE-94
8.8
8.8