Security Market Segment LS
Wednesday, 20 March 2019 08:39

Microsoft targeted by 8 of 10 top vulnerabilities in 2018: study

Microsoft targeted by 8 of 10 top vulnerabilities in 2018: study Pixabay

Microsoft was targeted by eight of the top ten vulnerabilities in 2018, a study by the security intelligence firm Recorded Future has found.

This was the second successive year that Microsoft topped this list, the firm's Kathleen Kuczma said in a blog post, pointing out that the Redmond behemoth had been affected by seven out of the top ten vulnerabilities in 2017.

In the previous two years, 2015 and 2016, the majority of vulnerabilities targeted Adobe's Flash Player. In 2018, only one Flash vulnerability was in the top 10 and the remaining one in the top 10 was aimed at Android.

As with the 2017 report, vulnerabilities changed from year to year, with the most exploited one which targeted Microsoft Office, moving to fifth place in 2018. Exploits used by nation states were not included in the study.

Kuczma said that the number of new exploit kits dropped by half in 2018, with five new kits being spotted.

A list of 167 exploit kits was used as one of the parameters to determine the top referenced and exploited vulnerabilities of 2018.

This year, Recorded Future also looked at remote access trojans and found that 35 new ones were released in 2018, 12 less than in 2017. Only one, which had the moniker Sisfader, was tied to a top vulnerability, an exploit for Microsoft Office.

An exploit kit known as ThreadKit was notable for the number of mentions it had received on the dark web, Kuczma noted. ThreadKit contained four of the top ten vulnerabilities as of the end of 2018 and was selling for US$400.

Kuczma offered the following tips for those who wanted to avoid being hit by Windows vulnerabilities to the extent possible:

  • Prioritise patching of all the vulnerabilities identified in this post.
  • Do not forget to patch older vulnerabilities – the average vulnerability stays alive for nearly seven years.
  • Remove the affected software if it does not impact key business processes.
  • Consider Google Chrome as a primary browser.
  • While Flash Player is going away and more sites increasing have removed this technology from its site, continue to heed caution with websites that don’t.
  • Use browser ad-blockers to prevent exploitation via malvertising.
  • Frequently back up systems, particularly those with shared files, which are regular ransomware targets.
  • Users and organisations should conduct or maintain phishing security awareness to mitigate attacks.
  • Companies should deliver user training to encourage scepticism of emails requesting additional information or prompting clicks on any links or attachments. Companies will not generally ask customers for personal or financial data, but when in doubt, contact the company directly by phone and confirm if they actually need the information.


As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments