A vulnerability in Microsoft's Windows operating system that was used, allegedly by the US and Israel, to plant the Stuxnet virus in Iranian nuclear plants is still among the most exploited flaws in the OS.
Microsoft issued a patch for the flaw, documented as CVE-2010-2568, back in 2010.
Data from anti-virus company Kaspersky showed that almost a quarter of Windows users who experienced a threat to their systems in 2016 were targeted by exploits of this flaw.
It said that the release of the recent batch of CIA exploits by Shadow Brokers had shown that the life of an exploit did not end once a patch was released to fix the vulnerability that it used.
"Our research suggests that threat actors are still actively and successfully exploiting vulnerabilities patched almost a decade ago," the company said, with the chart below illustrating this.
Kaspersky Lab also issued the following statistics about exploits in 2015-16:
- In 2016 the number of attacks with exploits increased 24.54%, to 702,026,084 attempts to launch an exploit.
- A total of 4,347,966 users were attacked with exploits in 2016, which is 20.85% fewer than in the previous year.
- The number of corporate users who encountered an exploit at least once increased 28.35% to reach 690,557, or 15.76% of the total number of users attacked with exploits.
- Browsers, Windows, Android and Microsoft Office were the applications exploited most often – 69.8% of users encountered an exploit for one of these applications at least once in 2016.
- In 2016, more than 297,000 users worldwide were attacked by unknown exploits (zero-day and heavily obfuscated known exploits).
Kaspersky found that Windows, Flash and Microsoft Office topped the list of software that was attacked in 2015-16.
Graphics: courtesy Kaspersky Lab.