The Log4Shell vulnerability affecting Apache’s Log4j library and the ProxyLogon and ProxyShell vulnerabilities affecting Microsoft Exchange email servers topped the list of the most routinely exploited vulnerabilities in 2021.
These threats were outlined in a joint Cybersecurity Advisory (CSA) coauthored by the cybersecurity authorities of the United States, Australia, Canada, New Zealand and the United Kingdom.
The advisory provided details on the top 15 common vulnerabilities and exposures (CVEs) routinely exploited by malicious actors in 2021, as well as other CVEs that were frequently exploited.
The CSA noted that exploitation of older vulnerabilities demonstrates the continued risk to organizations that fail to patch software in a timely manner or that run software no longer supported by its vendor.
The report also offered a series of mitigation actions, which include applying timely patches to systems and implementing a centralized patch management system to reduce the risk of compromise by malicious actors.
Bud Broomhead, CEO at Viakoo, a provider of automated IoT cyber hygiene, noted that the Log4j and Microsoft Exchange vulnerabilities were both extremely serious, but in different ways.
“Log4j brought a lot of attention to vulnerabilities being delivered via open source software libraries and their ability to be present in hundreds, if not thousands, of makes and models of devices, particularly IoT,” he said.
From his perspective, compared to vulnerabilities impacting just one manufacturer, the blast radius from Log4j is enormous.
“Because of the diversity of devices infected by Log4j, it also highlighted how many IoT devices can be functioning within an organization past its end-of-life date,” he said. “For those devices, there will never be a patch available to remediate vulnerabilities like Log4j.”
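The practical problem Broomhead describes, a library copied into software and devices whose owners often do not know it is there, is what drove the Log4j hunt in most organizations. The following script is an added example, not code from the advisory, the article or Viakoo: it walks a filesystem, finds log4j-core JARs (including ones bundled inside WAR/EAR archives), reads the version from the JAR manifest and checks whether the JndiLookup class is still present. The package path, class name and the 2.17.1 cut-off are well-known facts about Log4j 2 that the page itself does not state; the sample archives are constructed in memory so the code runs offline.

```python
"""Find log4j-core JARs on disk and triage them by version and JndiLookup presence.
Added example, not code from the advisory or the article; sample JARs are constructed."""
import io
import os
import re
import sys
import zipfile
from dataclasses import dataclass
from typing import List, Optional, Union

# Assumed facts about Log4j 2 (well known, not stated on the page):
# core classes live under org/apache/logging/log4j/core/; the JNDI lookup
# abused by Log4Shell is lookup/JndiLookup.class in that tree (deleting it
# was the common stop-gap); the manifest carries Implementation-Version;
# 2.17.1 is the first release fixing all four 2021 lookup CVEs. Treating
# everything below 2.17.1 as affected is conservative (it ignores the
# 2.12.4 / 2.3.2 back-ports) but right for a first triage pass.
CORE_PKG = "org/apache/logging/log4j/core/"
JNDI_LOOKUP = CORE_PKG + "lookup/JndiLookup.class"
FIXED = (2, 17, 1)

@dataclass
class Finding:
    location: str            # file path, "!entry" appended for nested JARs
    version: str             # manifest version or "?"
    status: str              # vulnerable | mitigated | fixed | unknown-version
    jndi_lookup_present: bool

def parse_version(text: str) -> Optional[tuple]:
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)) if m else None

def classify(location: str, z: zipfile.ZipFile, names: set) -> Finding:
    version = None
    if "META-INF/MANIFEST.MF" in names:
        manifest = z.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
        version = m.group(1) if m else None
    jndi = JNDI_LOOKUP in names
    parsed = parse_version(version) if version else None
    if parsed is None:
        status = "unknown-version"   # suspect: review by hand
    elif parsed >= FIXED:
        status = "fixed"
    elif not jndi:
        status = "mitigated"         # JndiLookup stripped, but still an old build
    else:
        status = "vulnerable"
    return Finding(location, version or "?", status, jndi)

def inspect_archive(source: Union[str, bytes], location: str) -> List[Finding]:
    """Inspect a JAR/WAR/EAR given as a path or bytes; recurse into embedded JARs."""
    try:
        z = zipfile.ZipFile(io.BytesIO(source) if isinstance(source, bytes) else source)
    except (zipfile.BadZipFile, OSError):
        return []
    findings: List[Finding] = []
    with z:
        names = set(z.namelist())
        if any(n.startswith(CORE_PKG) for n in names):
            findings.append(classify(location, z, names))
        for n in sorted(names):          # e.g. WEB-INF/lib/log4j-core-2.14.1.jar
            if n.lower().endswith(".jar"):
                findings.extend(inspect_archive(z.read(n), f"{location}!{n}"))
    return findings

def scan_tree(root: str) -> List[Finding]:
    findings: List[Finding] = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".jar", ".war", ".ear")):
                path = os.path.join(dirpath, name)
                findings.extend(inspect_archive(path, path))
    return findings

def make_jar(version: str, include_jndi: bool = True) -> bytes:
    """Constructed stand-in for a log4j-core JAR (sample data, not a real build)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n"
                   f"Implementation-Version: {version}\r\n")
        z.writestr(CORE_PKG + "Logger.class", b"\xca\xfe\xba\xbe")
        if include_jndi:
            z.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")
    return buf.getvalue()

def make_war(inner_jar: bytes) -> bytes:
    """Constructed WAR bundling a log4j-core JAR under WEB-INF/lib."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("WEB-INF/lib/log4j-core.jar", inner_jar)
    return buf.getvalue()

if __name__ == "__main__":
    for f in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{f.status:16} {f.version:10} jndi={f.jndi_lookup_present} {f.location}")
```

Run it as `python scan_log4j.py /opt` (file name assumed) on a host you own. Two limits worth knowing: a "mitigated" result means the stop-gap class deletion was applied to an old build, not that the build is current, and shaded or repackaged copies of log4j-core that live under a different package prefix will not match CORE_PKG, which is exactly the embedded-in-a-device case that makes vendor SBOMs necessary.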
He explained that the Microsoft Exchange Server vulnerabilities (such as ProxyLogon) highlighted a different but equally serious issue: how long it takes to patch a system once a patch is available.
In the case of Exchange Server, it was one of the most urgent and visible vulnerabilities of 2021, yet six months after the patch was made available, 30%…