6 Vulnerabilities to Follow in 2018, According to Skybox Research Lab

Victoria Schmidt, Feb 7, 2018

The new Vulnerability and Threat Trends Report released today by the Skybox Research Lab includes security analyst research of the vulnerabilities, exploits and threats that are shaping the threat landscape. The report outlines the top six vulnerabilities to follow in 2018 amid the 14,000 new vulnerabilities catalogued by MITRE’s National Vulnerability Database the previous year.

To read the full report, click here.

New CVEs Double in 2017

In 2017, the number of new vulnerabilities assigned a CVE by MITRE was more than double that of 2016. The jump was largely due to organizational improvements at MITRE and increased security research by vendors and third parties, including vendor-sponsored bug bounty programs. The result was more than 14,000 newly assigned CVEs. Whatever the reason, it introduced yet more challenges to the teams responsible for managing vulnerabilities and prioritizing which to fix first.

To help you sort through the clutter, Skybox has put together a shortlist of top vulnerabilities to follow in 2018:

Oracle WebLogic Server

  • Easily exploitable vulnerability via HTTP capable of compromising Oracle WebLogic, a Java EE application server
  • Has been documented as downloading and executing cryptocurrency miners
  • CVE-2017-10271

Apache Struts 2 Vulnerability

  • RCE vulnerability
  • Easy attack vector, similar to the vulnerability used in the Equifax data breach
  • CVE-2017-9805

Microsoft Windows Vulnerability in Windows Search Service

  • RCE vulnerability that does not require user interaction
  • CVE-2017-11771

Microsoft XML Services Vulnerability

  • Added to the Astrum exploit kit (aka Stegano)
  • Recently used in a malvertising campaign delivering the Mole ransomware
  • CVE-2017-02643

Microsoft Office Vulnerability

  • RCE vulnerability which could allow for memory corruption
  • Delivered by a phishing email with an RTF attachment
  • A zero-day, the vulnerability was in use in actual attacks months before Microsoft’s patch in October 2017
  • CVE-2017-11826

Apple iAmRoot

  • Allows root access with no authentication
  • Not exploited in the wild (as of the publishing of this report), but attack vector is trivial
  • CVE-2017-13872

Of course, the particular threat any of these vulnerabilities poses will be affected by the network in which it exists and its use by threat actors. That’s why Skybox recommends establishing a threat-centric vulnerability management (TCVM) program to adapt to changes in the threat landscape and your organization. The TCVM approach helps security practitioners establish their own list of vulnerabilities to follow, focusing on those most likely to be used in an attack. Identifying these vulnerabilities requires analysis of vulnerabilities in relation to the business, network and threats in play, prioritizing those that are exposed or actively exploited in the wild for immediate remediation.

To learn more about Skybox TCVM, visit

About the Vulnerability and Threat Trends Report

The inaugural report aims to help organizations align their security strategy with the reality of the current threat landscape. The force behind the report is the Skybox™ Research Lab, a team of security analysts who scour data daily from dozens of security feeds and sources and investigate sites on the dark web. They validate and enhance data through automated as well as manual analysis, adding their knowledge of attack trends, cyber events and TTPs of today’s attackers.


Victoria Schmidt is a seasoned content expert with years of experience in content creation for government, SMB and enterprises. Originally from the Washington, DC area, she started her career writing for the U.S. Department of the Treasury and Federal Employees Health Benefits Program. As Skybox’s communication program manager, she leads the global social media and analyst relations program. She holds an MBA and a bachelor’s degree in English.
