Nine Microsoft vulnerabilities in the top 15 exploited regularly in 2021

Nine Microsoft product vulnerabilities were among the top 15 regularly exploited flaws in 2021 listed by government security agencies in Five Eyes countries.

Among these, six remotely exploitable flaws in Microsoft Exchange Server. Four of these flaws have been named ProxyLogon.

At the top of the list was Log4Shell, which affects a logging library used by Apache web server software. He did an RCE in Zoho Components (web-based business tools).

Also on the list were Atlassian Confluence Server and Data Center, VMware vSphere Client, Pulse Secure, Fortinet FortiOS and FortiProxy.

Agencies in these countries that published the list were the NSA, FBI and Cybersecurity and Infrastructure Security Agency (all American), Australian Cyber ​​Security Centre, Canadian Center for Cyber ​​Security, New Zealand National Cyber Security Center and the UK National Cyber ​​Security Center. .

the 20 page document also provided means to mitigate attacks against these vulnerabilities and a number of others.

faults one

defects two

“Globally, in 2021, malicious cyber actors targeted Internet-connected systems, such as mail servers and virtual private network servers, with exploits of newly disclosed vulnerabilities,” the document states.

“For most of the most exploited vulnerabilities, researchers or other actors have released proof-of-concept code within two weeks of the vulnerability’s disclosure, likely facilitating exploitation by a wider range of malicious actors. .

“To a lesser extent, malicious cyber actors continued to exploit dated and publicly known software vulnerabilities, some of which were also regularly exploited in 2020 or earlier.

“Exploitations of old vulnerabilities demonstrate the continued risk to organizations that fail to patch software in a timely manner or use software that is no longer supported by a vendor.”


The last year has seen a meteoric rise in ransomware incidents around the world.

Over the past 12 months, threat researchers at SonicWall Capture Labs have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available through the SonicWall Cyber ​​Threat Report 2022, which ensures that SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the growing wave of cybercrime.

Click the button below to get the report.



It’s all about webinars.

Marketing budgets are now focused on webinars combined with lead generation.

If you want to promote a webinar, we recommend at least a 3-4 week campaign before your event.

The iTWire campaign will include numerous advertisements on our news site and a major newsletter promotion and promotional and editorial news. Plus a keynote speaker video interview on iTWire TV which will be used in promotional messages on the iTWire homepage.

Now that we are coming out of Lockdown, iTWire will focus on supporting your webinars and campaigns and providing support through partial payments and extended terms, a Webinar Business Booster pack and other support programs. We can also create your advertisements and written content and coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


About Jon Moses

Check Also

IBM launches fourth-generation LinuxONE servers

IBM has unveiled the next generation of its LinuxONE server, which uses the Telum processor …