Skip to main content

Decade-old vulnerabilities still being exploited by hackers

Published on: 10 Sep 2018

Cyber criminals are exploiting security software flaws that are almost a decade old, a new report has found.

The Web-based Threat - 2018 Q2 report, published by Palo Alto Networks, has highlighted the fact that organisations should ensure certain software, such as Microsoft Windows and Adobe Flash and Reader, are fully up to date with the latest versions and security updates.

One of the weaknesses still being exploited by hackers was CVE-2009-0075, a nine-and-a-half-year-old Microsoft Internet Explorer 7 vulnerability. Palo Alto’s researchers say this was in the company’s top five list last quarter and is number four this quarter.

Another vulnerability, CVE-2008-4844, is also nine-and-a half years old and affects Microsoft Internet Explorer 5, 6 and 7. It ranks fifth in this quarter’s report.

A statement from Palo Alto read: "In the realm of vulnerabilities, we see remarkable consistency, with a nearly identical roster of vulnerabilities under attack in this quarter as last quarter.

“The only notable addition to this roster is a vulnerability known to be used in zero-day attacks.”

The group also urged organisations to look at using limited privilege user accounts to restrict the damage of malware.