Action1 has unveiled new research in its Software Vulnerability Ratings Report 2024 to provide trends based on exploitability rates and the dynamics of Remote Code Execution (RCE) vulnerabilities within enterprise software categories and specific applications. Key findings include:
- Attackers target load balancers with record exploitation rate: Action1 researchers discovered a high exploitation rate for NGINX (100%) and Citrix (57%). Vulnerabilities in load balancers pose significant risks, as just one exploit can provide attackers with broad access or disruption capabilities against targeted networks.
- Threat actors target Apple operating systems: macOS and iOS showed an increased exploitation rate of 7% and 8%, respectively. Additionally, although macOS reduced its total vulnerability by 29% from 2023 to 2022, exploited vulnerabilities increased by over 30%. These findings underscore the targeted nature of attacks on iOS devices.
- MSSQL RCE vulnerabilities surge, highlighting the risk of new exploits: In 2023, Microsoft SQL Server (MSSQL) experienced a 1600% surge in critical vulnerabilities, each being an RCE. This spike signals a potential risk that attackers are quickly discovering and exploiting the next unknown RCE.
- Increased exploitability of MS Office as attackers take advantage of human error: MS Office’s critical vulnerabilities account for nearly 80% of the overall annual vulnerability count, up to 50% being RCEs. In 2023, Microsoft saw its exploitation rate rise to 7%, compared to 2% in 2022. These findings underscore threat actors’ exploitation of user-facing software prone to human error.
You can read the full report here.
This entry was posted on June 18, 2024 at 9:00 am and is filed under Commentary with tags Action1.
New Software Vulnerability Ratings Report For 2024 Finds High Exploitability Rates & RCE Vulnerabilities