Beyond Just the Known Exploited Vulnerabilities to the Vulnerabilities Threat Actors are Routinely Exploiting
Created: Thursday, April 28, 2022 - 19:43
On April 27, 2022, the cybersecurity authorities of the Five Eyes nations published a joint Cybersecurity Advisory (CSA), 2021 Top Routinely Exploited Vulnerabilities (AA22-117A). As in prior years, this joint effort highlights multiple vulnerabilities that threat actors are routinely exploiting – in some cases year after year – on devices and software that remain unpatched or are no longer supported by a vendor. This list and CISA's larger Known Exploited Vulnerabilities Catalog are part of a coordinated push to help all organizations prioritize vulnerability management activities, including the patching efforts that many struggle with.
The vulnerabilities routinely exploited in 2021 were disclosed between 2017 and 2021. This report once again indicates that while actors are adept at swiftly capitalizing on newly disclosed vulnerabilities, they persistently favor old ones too. For example, CVE-2017-11882, a remote code execution bug impacting Microsoft Office (from 5 years ago), appears to be a fan favorite among threat actors, as it has repeatedly made the list of top routinely exploited vulnerabilities over the past 3 reporting cycles.
