Zero-day are exploited on a massive scale in increasingly shorter timeframes

Microsoft warns of an uptick among threat actors increasingly using publicly-disclosed zero-day exploits in their attacks.

According to the Digital Defense Report published by Microsoft, threat actors are increasingly leveraging publicly-disclosed zero-day vulnerabilities to target organizations worldwide.

The researchers noticed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability and remarked on the importance of the patch management process.

“As cyber threat actors—both nation state and criminal—become more adept at leveraging these vulnerabilities, we have observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability. This makes it essential that organizations patch exploits immediately.” reads the report.

Microsoft noted that it only takes 14 days on average for the exploitation of the flaw in the wild after its public disclosure, and it takes 60 days for the release of the exploit code on GitHub.

The experts observed that the zero-day vulnerabilities are initially exploited in highly targeted attacks, then they are quickly adopted in attacks in the wild.

Many nation-state actors have developed capabilities to create exploits from unknown vulnerabilities,
China-linked APT groups are particularly proficient in this activity.

“China’s vulnerability reporting regulation went into effect September 2021, marking a first in the world for a government to require the reporting of vulnerabilities into a government authority for review prior to the vulnerability being shared with the product or service owner.” continues the report. “This new regulation might enable elements in the Chinese government to stockpile reported vulnerabilities toward weaponizing them.”

Below is a list of vulnerabilities first developed and deployed by China-linked threat actors in attacks, before being publicly disclosed and spread among other actors in attacks in the wild:

Microsoft urges organizations to prioritize patching of zero-day vulnerabilities as soon as they are released, it also recommends to document and inventory all enterprise hardware and software
assets to determine their exposure to attacks.

“Vulnerabilities are being picked up and exploited on a massive scale, and in increasingly shorter timeframes.” the company concludes.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, zero-day)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.