Top Exploits According to the NSA

In October, the US National Security Agency (NSA) published an in-depth report detailing the top 25 vulnerabilities that are currently being consistently scanned for, targeted, and exploited by Chinese state-sponsored hacking groups.

All 25 security bugs are well known and have patches available from their vendors, ready to be installed. Six of the vulnerabilities are common on systems typically used by small businesses in the US. Work with your IT experts to make sure you are safe from these known security holes. These six vulnerabilities are listed below.

Exploits for many of these vulnerabilities are also publicly available. Some have been used by more than just Chinese hackers, having been incorporated into the arsenals of ransomware gangs, low-level malware groups, and nation-state actors from other countries, e.g. Russia and Iran.

“Most of the vulnerabilities listed below can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks,” the NSA said.

7) CVE-2019-0708 (aka BlueKeep) – A remote code execution vulnerability exists within Remote Desktop Services on Windows operating systems.

10) CVE-2020-1472 (aka Netlogon) – An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC).

11) CVE-2019-1040 – A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection.

13) CVE-2020-0688 – A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory.

21) CVE-2020-0601 (aka CurveBall) – A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear that the file was from a trusted, legitimate source.

22) CVE-2019-0803 – An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
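For CVE-2020-0601 (CurveBall) above, the flaw was that CryptoAPI accepted certificates whose ECC public key carried explicit curve parameters instead of a named-curve OID, letting a spoofed key match a trusted root. The check below is an added example, not code from the NSA report or from Windows: it walks a DER SubjectPublicKeyInfo and flags any id-ecPublicKey that does not name its curve, and the sample structures it builds are constructed stand-ins rather than real keys.

```python
# Added example: flag EC certificates that do not use a named curve. RFC 5480 forbids
# explicit (specifiedCurve) and implicit parameters in PKIX, and CVE-2020-0601 abused
# explicit parameters, so "unnamed-curve" is a strong alert signal for defenders.
OID, SEQUENCE, INTEGER, OCTET_STRING, BIT_STRING = 0x06, 0x30, 0x02, 0x04, 0x03
ID_EC_PUBLIC_KEY = bytes.fromhex("2A8648CE3D0201")  # OID 1.2.840.10045.2.1
PRIME256V1 = bytes.fromhex("2A8648CE3D030107")      # OID 1.2.840.10045.3.1.7 (P-256)

def _tlv(buf: bytes, pos: int) -> tuple:
    """Decode one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def ec_parameter_kind(spki: bytes) -> str:
    """Classify a DER SubjectPublicKeyInfo: 'not-ec', 'named-curve' or 'unnamed-curve'."""
    tag, body, _ = _tlv(spki, 0)
    assert tag == SEQUENCE, "SubjectPublicKeyInfo must be a SEQUENCE"
    tag, alg, _ = _tlv(body, 0)                        # AlgorithmIdentifier
    assert tag == SEQUENCE, "AlgorithmIdentifier must be a SEQUENCE"
    tag, oid, pos = _tlv(alg, 0)
    if tag != OID or oid != ID_EC_PUBLIC_KEY:
        return "not-ec"
    if pos >= len(alg):
        return "unnamed-curve"                         # parameters absent entirely
    ptag, _, _ = _tlv(alg, pos)
    return "named-curve" if ptag == OID else "unnamed-curve"   # SEQUENCE = explicit params

def _der(tag: int, value: bytes) -> bytes:
    """Encode a DER TLV (short or long form); used only to build the constructed samples."""
    n = len(value)
    if n < 128:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def sample_spki(explicit: bool) -> bytes:
    """Constructed P-256 SPKI with a zeroed point (not a real key). The explicit variant
    carries a stand-in specifiedCurve SEQUENCE in place of the named-curve OID."""
    params = (_der(SEQUENCE, _der(INTEGER, b"\x01") + _der(OCTET_STRING, bytes(128)))
              if explicit else _der(OID, PRIME256V1))
    alg = _der(SEQUENCE, _der(OID, ID_EC_PUBLIC_KEY) + params)
    key = _der(BIT_STRING, b"\x00\x04" + bytes(64))    # unused-bits byte + uncompressed point
    return _der(SEQUENCE, alg + key)

if __name__ == "__main__":
    for explicit in (False, True):
        print("explicit" if explicit else "named", "->", ec_parameter_kind(sample_spki(explicit)))
```

The same walk can be applied to the SPKI of every certificate in a code-signing chain; a well-formed chain yields only "named-curve" or "not-ec" results.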