4 July 2022

Half of 2022's 0-days are variants of 2021’s 0-days

Maddie Stone, a researcher on Google’s Project Zero team, has published a written overview of her talk “0-day In-the-Wild Exploitation in 2022…so far”, given at the FIRST cybersecurity conference last month. As the title suggests, the talk covered zero-day vulnerabilities that were detected being exploited in the wild during the first half of this year.

According to Stone, between the start of 2022 and June 15 Project Zero tracked eighteen 0-day vulnerabilities that were detected and disclosed as exploited in the wild. Notably, at least nine of them are variants of previously patched flaws.

“At least half of the 0-days we’ve seen in the first six months of 2022 could have been prevented with more comprehensive patching and regression tests,” said the researcher.

Furthermore, at least four of the 2022 0-days are variants of 0-days that were exploited in the wild in 2021. Within roughly twelve months of the original flaw being patched, attackers came back with a new variant of it. For example, the critical ‘Follina’ vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT), CVE-2022-30190, is a variant of last year’s remote code execution bug in Microsoft MSHTML (CVE-2021-40444).

Another Windows vulnerability, CVE-2022-21882, is a new iteration of the Windows privilege escalation bug CVE-2021-1732. That bug did get a patch, but the patch turned out to be insufficient. According to Stone, only “the execution flow that the proof-of-concept exploits took were patched, but the root cause issue was not addressed”. Attackers therefore reached the same underlying bug by a different path.
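The pattern Stone describes, a patch that closes only the path the public proof of concept took while the root cause stays reachable, is easy to reproduce in miniature. The following is an added illustration written for this article; it is not code from Project Zero, Microsoft or any of the products mentioned, and the mini template engine, the handler versions, the parameter names q and path, the secret value and the payload are all constructed for the example. It shows three versions of a hypothetical request handler and a regression check that tries the payload through every user-controlled entry point rather than only the one the PoC used.

```python
import re

# Constructed stand-in for whatever an attacker wants to read (not a real credential).
SECRET = "db-password-constructed"

_PLACEHOLDER = re.compile(r"\$\{([^}]*)\}")


def render(template: str, context: dict) -> str:
    """Hypothetical template sink: every ${expr} in the template is evaluated against context.

    This is the root cause of the bug class: any attacker-controlled text that reaches
    the template string is executed as an expression, not treated as data.
    """
    def expand(match: re.Match) -> str:
        # Deliberately vulnerable evaluator; builtins removed only to keep the toy contained.
        return str(eval(match.group(1), {"__builtins__": {}}, context))

    # Single pass: text substituted in by expand() is NOT rescanned for placeholders.
    return _PLACEHOLDER.sub(expand, template)


def handler_v0(params: dict) -> str:
    """Original bug: user parameters are concatenated straight into the template."""
    q, path = params.get("q", ""), params.get("path", "/")
    return render("Results for " + q + " under " + path, {"secret": SECRET})


def handler_v1(params: dict) -> str:
    """'PoC-path' patch: the published exploit used q, so only q is filtered.

    The path parameter still flows into the template unchanged, so the root cause
    is untouched and a variant that moves the payload to path still works.
    """
    q = params.get("q", "").replace("${", "")
    path = params.get("path", "/")
    return render("Results for " + q + " under " + path, {"secret": SECRET})


def handler_v2(params: dict) -> str:
    """Root-cause fix: user input never becomes template text.

    The template is a constant; user values are passed as context data and, because
    substitution is single-pass, a value containing ${secret} is emitted literally.
    """
    ctx = {"secret": SECRET, "q": params.get("q", ""), "path": params.get("path", "/")}
    return render("Results for ${q} under ${path}", ctx)


PAYLOAD = "${secret}"  # constructed proof-of-concept input


def leaks_secret(handler, param: str) -> bool:
    """Regression check: does sending the payload via this parameter disclose SECRET?"""
    return SECRET in handler({param: PAYLOAD})


def regression_matrix(handler) -> dict:
    """Run the payload through every user-controlled entry point, not only the one in the PoC.

    Returns {parameter: leaked?} so a test can assert on the whole bug class.
    """
    return {p: leaks_secret(handler, p) for p in ("q", "path")}


if __name__ == "__main__":
    for name, h in (("v0 original", handler_v0), ("v1 PoC-path patch", handler_v1),
                    ("v2 root-cause fix", handler_v2)):
        print(f"{name:20s} {regression_matrix(h)}")
```

Running the regression check shows handler_v0 leaking via both parameters, handler_v1 (the PoC-path patch) blocking q but still leaking via path, and handler_v2 (data kept out of the template) blocking both. That is the check Stone's observation asks for: a fix should be tested against the bug class and every route to the sink, not only against the published exploit.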

Two other cases are the result of regressed patches rather than incomplete ones: the WebKit use-after-free CVE-2022-22620, the ‘zombie’ bug whose original fix had been lost in a later code refactoring, and the Windows LSA spoofing flaw CVE-2022-26925, a new variant of last year’s ‘PetitPotam’ vulnerability.

The iOS IOMobileFrameBuffer bug CVE-2022-22587 is a variant of last year’s CVE-2021-30983.

The remote code execution vulnerability in Google Chrome’s V8 engine, CVE-2022-1096, is a variant of CVE-2021-30551.

Other 2022 zero-days that are variants of improperly addressed flaws are CVE-2022-1364 in Chrome, a new variant of CVE-2021-21195, and CVE-2022-26134 in Atlassian Confluence, a new variant of the OGNL injection bug CVE-2021-26084.
