All computer programs rely on code to function, but coding flaws can give way to software vulnerabilities. Some of these have resulted in widespread panic and dire consequences, shaking the cybersecurity world.So, which software vulnerabilities are the biggest and most dangerous?
The Log4Shell software vulnerability existed within Apache Log4j, a popular Java logging framework used by tens of millions of people worldwide.
In November 2021, a critical coding flaw was discovered by Chen Zhaojun, a member of the Alibaba Cloud Security Team. Zhaojun first noticed the flaw within Minecraft servers.
The flaw, officially named CVE-2021-44228, became known as Log4Shell.
The Log4Shell security flaw is a zero-day vulnerability, so it was exploited by malicious actors before it was noticed by cybersecurity experts, meaning they could run remote code execution. Through this, hackers could install malicious code into Log4j, making data theft, spying, and the spread of malware possible.
Though a patch was released for the Log4Shell vulnerability not long after it was discovered, this security flaw is by no means a thing of the past.
Cybercriminals are still using Log4Shell in their exploits to this day, though the patch has reduced the threat level significantly. According to Rezilion, a shocking 26 percent of public Minecraft servers are still vulnerable to Log4Shell.
If a company or individual has not updated their software, the Log4Shell vulnerability will likely still be around, providing an open door for attackers.
EternalBlue (known officially as MS17-010) is a software vulnerability that began to cause a stir in April 2017. What’s surprising about this vulnerability is that it was partly developed by the NSA, a huge American intelligence agency known for helping the US Department of Defense with military affairs.
The NSA discovered the EternalBlue vulnerability within Microsoft, though it wasn’t until five years later that Microsoft became aware of the flaw. EternalBlue was worked on by the NSA as a possible cyber weapon, and it took a hack for the world to be notified of this.
In 2017, a hacking group known as Shadow Brokers leaked the existence of EternalBlue after digitally infiltrating the NSA. It turned out that the flaw gave NSA secret backdoor access to a range of Windows-based devices, including those running Windows 7, Windows 8, and the often-maligned Windows Vista. In other words, the NSA could access millions of devices without the users’ knowledge.
Though there is a patch for EternalBlue, Microsoft and the public’s lack of awareness of the flaw left devices vulnerable for years.
The Heartbleed security flaw was officially discovered in 2014, though it had been present in the OpenSSL code library for two years prior. Certain outdated versions of the OpenSSL library contained Heartbleed, which was deemed severe upon discovery.
Known officially as CVE-2014-0160, Heartbleed was a pretty critical concern due to its location in OpenSSL. Because OpenSSL was used as an SSL encryption layer between website databases and end users, a lot of sensitive data could be accessed via the Heartbleed flaw.
But during this communication process, there was another connection that wasn’t encrypted, a sort of foundation layer that ensured both computers in the conversation were active.
Hackers found a way to exploit this unencrypted line of communication in order to squeeze sensitive data out of the previously secured computer. Essentially, the attacker would flood the system with requests in the hope of getting back some juicy information.
Heartbleed was patched in the same month as its official discovery, but older versions of OpenSSL can still be vulnerable to the flaw.
4. Double Kill
Double Kill (or CVE-2018-8174) was a critical zero-day vulnerability that put Windows systems at risk. Discovered in 2018, this flaw made cybersecurity news headlines due to its presence in all Windows operating systems from 7 onwards.
Double Kill is found in the Windows Internet Explorer browser and exploits a VB script flaw. The attack method involves using a malicious Internet Explorer webpage which contains the code required to abuse the vulnerability.
Double Kill has the potential to give attackers the same kinds of system permissions as the original, authorized user if exploited correctly. Attackers can even gain total control of one’s Windows device in such scenarios.
In May 2018, Windows released a patch for Double Kill.
CVE-2022-0609 is another severe software vulnerability identified in 2022. The Chrome-based bug turned out to be a zero-day vulnerability that was exploited in the wild by attackers.
This vulnerability could affect all Chrome users, which is why its severity level is so high. CVE-2022-0609 is what is known as a use-after-free bug, meaning it has the ability to alter data and execute code remotely.
It didn’t take long for Google to release a patch for CVE-2022-0609 in a Chrome browser update.
In May 2019, a critical software flaw known as BlueKeep was discovered by Kevin Beaumont, a cybersecurity expert. The flaw could be found in Microsoft’s Remote Desktop Protocol, which is used to remotely diagnose system issues, as well as give users remote access to their desktops from another device.
Officially known as CVE-2019-0708, BlueKeep is a remote execution vulnerability, meaning it can be used to execute code remotely on a target device. Proof of concepts developed by Microsoft showed that targeted computers could be compromised and taken over by attackers in under a minute, highlighting the flaw’s severity.
Once a device is accessed, the attacker can remotely execute code on a user’s desktop.
The one upside of BlueKeep is that it only affects older versions of Windows, including:
- Windows Vista.
- Windows XP.
- Windows Server 2003.
- Windows Server 2008.
- Windows Server 2008 R2.
- Windows 7.
If your device is running on any Windows OS later than those listed above, you likely don’t need to worry about BlueKeep.
ZeroLogon, or CVE-2020-1472 as it is known officially, is a Microsoft-based software security flaw discovered in August 2020. The Common Vulnerability Scoring System (CVSS) scored this flaw 10 out of 10 on the severity scale, making it highly dangerous.
This can exploit the Active Directory resource that usually exists on Windows enterprise servers. Officially, this is known as the Active Directory Netlogon Remote Protocol.
ZeroLogon puts users at risk because it has the potential to alter sensitive account details, including passwords. The flaw exploits the authentication method so that accounts can be accessed without verifying identity.
In the same month as its discovery, Microsoft released two patches for ZeroLogon.
Software Vulnerabilities Are Worryingly Common
We rely so heavily on software that it’s natural for bugs and flaws to crop up. But some of these coding errors can give way to highly exploitable security vulnerabilities, putting both providers and users at risk.