Security News > 2021 > July > CISA’s Top 30 Bugs: One’s Old Enough to Buy Beer
In a perfect world, CISA would laminate cards with the year's top 30 vulnerabilities: You could whip it out and ask a business if they've bandaged these specific wounds before you hand over your cash.
According to the advisory, attackers are unlikely to stop coming after geriatric vulnerabilities, including CVE-2017-11882: a Microsoft Office remote code execution bug that was already near drinking age when it was patched at the age of 17 in 2017.
The top four preyed-upon 2020 vulnerabilities were discovered between 2018 to 2020, showing how common it is for organizations using the devices or technology in question to sidestep patching or remediation.
CVE 2020-5902: a critical vulnerability in F5 Networks' BIG-IP advanced delivery controller networking devices that, as of July 2020, was being exploited by attackers to scrape credentials, launch malware and more.
Can Security Teams Keep Up? Rick Holland, Digital Shadows CISO and vice president of strategy, called CISA vulnerability alerts an "Influential tool to help teams stay above water and minimize their attack surface."
"Taking a risk-based approach to vulnerability management is the way forward; and teams should unquestionably be prioritizing vulnerabilities that are actively being exploited."
News URL
https://threatpost.com/cisa-top-bugs-old-enough-to-buy-beer/168247/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-15 | CVE-2017-11882 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". | 9.3 |