Top 10 Vulnerabilities

Intel Corp is a leader in the tech world of cyber security and uncovers an average of 245 new computer related threats daily. The experts at Intel have developed a Threat Dashboard that lists all the current threats, vulnerabilities, ransomware, exploit kits and campaigns of which their experts are aware that are designed to nefarious invade electronic devices for the purpose of stealing valuable personal and confidential information.

Intel has determined the following to be the Top 10 Vulnerabilities of which computer users everywhere need to be aware:

CVE-2017-0038

This is a vulnerability in Microsoft Windows that could permit a remote hacker to gain access to sensitive information. The flaw lies within the Graphics Device Interface (gdi32.dll) which can be exploited using an EMF file which is an extension of the spool file format Enhanced MetaFile which is used for reading, filing, storing and printing documents in the Windows computer operating system.

Cloudbleed

This vulnerability was found in websites that use CloudFlare which is a content delivery network that lies between the computer user and the user’s internet host. The vulnerability results in possible memory leaks that expose private customer information.

CVE-2016-1019

Adobe Flash Player is affected by this vulnerability which allows remote hackers to cause a denial of service, application crash and/or the possibility of executing arbitrary code using unspecified vectors (direction and magnitude). Adobe Flash Player is a popular freeware for accessing content created there, including Internet applications, viewing multimedia and streaming audio and video.

CVE-2016-4117

This vulnerability also affects Adobe Flash Player’s by enabling remote code execution.

CVE-2016-0189

This vulnerability allows remote hackers to execute arbitrary code, cause a denial of service or memory corruption in Microsoft JScript 5.8 and VBScript 5.7 and 5.8 engines, which are used in Internet Explorer’s versions 9 through 11 and other products.

CVE-2016-7200

Microsoft Edge’s Chakra JavaScript engine is affected and allows remote hackers to execute arbitrary code, cause a denial of service or memory corruption using a “crafted” website which are those built for purposes of carrying out a cyber attack.

CVE-2017-0037

This vulnerability could result in remote code execution in Microsoft Internet Explorer and the flaw lies within the “HandleColumnBreakOnColumnSpanningElement.”

CVE-2016-7201

Microsoft Edge’s Chakra JavaScript is affected with this vulnerability and allows remote hackers to execute arbitrary code, cause a denial of service or memory corruption using a crafted website.

CVE-2016-7288

This vulnerability also affects Microsoft Edge and could result in execution of arbitrary code or a denial of service and the flaw lies within the scripting engines that are exploitable using crafted websites.

CVE-2017-0016

This vulnerability causes memory corruption in Microsoft Windows applications and could result in a denial of service with the flaw lying in mrxsmb20.sys and the way SMB traffic is handled.

Computer users have their work cut out for them trying to keep up with the latest computer viruses and hacking vulnerabilities that can affect anyone anywhere anytime. Maintaining up-to-date security software is critical to fighting nefarious computer invasions as well as developing a working relationship with competent IT professionals like those at EyesEverywhere.