Microsoft Products Most Exploited in 2021, Cyber Agencies Declare

The company’s software provided a way in for cyber marauders worldwide.

Cybersecurity officials from Australia, Canada, New Zealand, the United Kingdom and the United States issued an advisory April 27 disclosing the most common digital vulnerabilities and exposures routinely leveraged by cyber attackers in 2021. Of the top 15 software vulnerabilities identified across all of the countries, Microsoft products accounted for nine such issues.

The United States’ Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI collaborated with the Australian Cyber Security Centre, Canadian Centre for Cyber Security, New Zealand National Cyber Security Centre and United Kingdom’s National Cyber Security Centre to issue the advisory.

“[The] cybersecurity authorities assess, in 2021, malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide,” the officials stated. “To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities across a broad spectrum of targets.”

To reduce the continued risk of compromise from nefarious cyber actors, the international cyber protectors encouraged government agencies and industry to apply recommended mitigations included as part of the advisory, such as updating software and patches and implementing a centralized patch management system.

When asked to comment by SIGNAL Magazine, Andrew Grotto, former White House director for Cybersecurity Policy, warned that the U.S. government’s and industry’s extensive reliance on Microsoft products—which some experts estimate as 85 percent of the government’s software market—makes them susceptible to attacks. He urged the government to immediately push for more secure software tools and systems from Microsoft. Grotto is currently the William J. Perry International Security Fellow at Stanford University and the founding director of the Stanford Cyber Policy Center’s program on Geopolitics, Technology and Governance.

“Nine out of 15 of the most commonly exploited vulnerabilities cited in this cybersecurity advisory involved Microsoft products,” Grotto stressed. “These products are ubiquitous in U.S. government networks and widely used throughout the private sector, especially among small- to medium-sized enterprises. This problem won’t get better until customers—including the federal government—demand better security from their largest technology vendors.”

Apache’s major Log4j remote code execution issue, Zoho’s remote code execution vulnerability, Atlassian’s arbitrary code execution problem, VMware’s vSphere Client remote code execution vulnerability, Pulse’s arbitrary file reading, and Fortinet’s FortiOS and FortiProxy path traversal issues represented the other main vulnerabilities in 2021, after the nine Microsoft Exchange Server and Microsoft Netlogon remote protocol problems.

In addition, the officials identified 21 other common vulnerabilities that were also routinely used by malicious cyber actors to mount digital attacks in 2021. Five of these vulnerabilities also stemmed from Microsoft tools.

“Globally, in 2021, malicious cyber actors targeted Internet-facing systems, such as email servers and virtual private network servers, with exploits of newly disclosed vulnerabilities,” the international cyber protectors said. “For most of the top exploited vulnerabilities, researchers or other actors released proof-of-concept code within two weeks of the vulnerability’s disclosure, likely facilitating exploitation by a broader range of malicious actors. To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities—some of which were also routinely exploited in 2020 or earlier. The exploitation of older vulnerabilities demonstrates the continued risk to organizations that fail to patch software in a timely manner or are using software that is no longer supported by a vendor.”