In the study done by the National Vulnerability Database (NVD), it shows that people can averagely discover approximately 45 new vulnerabilities every day. Moreover, the total number of found vulnerabilities has been increased by 130% since 2016. Among these vulnerabilities, 60% are considered as “Critical” or “High” severity.
In addition, 45% of these vulnerabilities can influence Microsoft products. Here is a list of 16 security vulnerabilities should be patched before 2020:
- CVE-2019-0708 – Older versions of Microsoft Windows: Affecting Remote Desktop Services of Windows as the attacker could execute arbitrary code on the target system.
- CVE-2019-2725 – Oracle WebLogic Server: Affecting the server versions 10.3.6.0 as well as 18.104.22.168., and cause remote code execution without authentication.
- CVE-2018-12130 – Intel x86 microprocessors: Allowing attackers to read privileged data across trust boundaries as a speculative execution side-channel vulnerabilities.
- CVE-2018-0802 – Microsoft Office software: Allowing attackers to run arbitrary code in the context of the current user and install programs, view, change or delete data.
- CVE-2018-10561 – DASAN Networks: It was built as an IoT botnet of 18,000 devices basing in Huawei in a day to exploit the flaw.
- CVE-2018-7600 – Drupal: Allowing attackers to execute arbitrary code and affecting Drupal versions before 7.58, 8.3.9,8.4.6 and 8.5.1.
- CVE-2018-20250 – WinRAR: Attacking against satellite and communications industry. Attackers can run multiple code execution techniques with this flaw.
- CVE-2018-4878 – Adobe Flash Player: Distributing malicious code hidden in MS documents, warned by South Korea’s CERT.
- CVE-2017-0143 – Microsoft SMB 1.0: Sending a specially crafted packet to a target SMBv1 server and allowing attackers to execute code on the targeted server.
- CVE-2017-8570 – Microsoft Office software: Allowing attackers to download high-profile malware such as Loki and Nanocore.
- CVE-2017-5715 – Spectre and Meltdown vulnerabilities: Affecting ARM and Intel processors as microprocessor side-channel attacks.
- CVE-2017-5638 – Apache Struts: Relating to the infamous Equifax data breach.
- CVE-2017-11882 – Microsoft Office software: Allowing attackers to use a specially crafted file sent over an email as Dubbed Memory corruption vulnerability.
- CVE-2017-8759 – Microsoft.net Framework: Allowing attackers to spread the Zyklon HTTP malware.
- CVE-2014-8361 – D-Link, Realtek: A new variant of the Mirai botnet included an exploit for this flaw among its 13 exploits.
- CVE-2012-0158 – Microsoft Common Controls: Allowing remote code execution if a user visits a website containing specially crafted content.