
Top 15 Exploited Vulnerabilities of 2023: Insights from Five Eyes Cybersecurity Agencies

The latest cybersecurity report from the Five Eyes alliance has been released, and there’s a lot to unpack—including security flaws from some big names in the industry. The dust has settled enough for us to review that data and prepare ourselves for the cybersecurity landscape of 2025.
Written by: Mike Jones
Published Dec 17, 2024

By this point, we’ve all been hit with a letter or email stating, “We regret to inform you that our systems were recently compromised in a cyberattack, potentially impacting your personal information.” Gut-wrenching, right? You may not know if someone else has your information, what information they have, or what they will do with it. You have been a victim of digital theft and, once it’s done, you may be left picking up pieces shattered by a cybersecurity vulnerability.

However, once we know what happened, we can grow from the incident and better protect ourselves in the future. That’s why it’s important to analyze the top ways our systems have been exploited in the past so that our systems are more prepared than ever for the future.

Built to Cyber-Protect: The Five Eyes Cybersecurity Agencies

The advisory was issued jointly by the cybersecurity agencies of the five countries that make up the Five Eyes intelligence alliance: the United States (CISA, NSA and FBI), Australia (ASD’s ACSC), Canada (CCCS), New Zealand (NCSC-NZ) and the United Kingdom (NCSC-UK). The Five Eyes Intelligence Oversight and Review Council (FIORC) is a different body, made up of the member countries’ intelligence oversight organizations, and is not the author of this report.

By pooling what each agency sees in its own incident response work, the alliance produces threat intelligence that protects all five national interests at once. This year’s headline is that attackers increasingly exploited “zero-day vulnerabilities”: according to the advisory, the majority of the 2023 top 15 were first exploited as zero-days, up from fewer than half of the 2022 list. That is a noticeable change, since attackers had previously favored older flaws for which a patch already existed.


Zero-Day Vulnerabilities Are the New Normal


A “zero-day vulnerability” is a flaw in software, hardware or firmware that the vendor does not yet know about, so no patch exists; a “zero-day exploit” is the code or technique used to attack it. Attackers who discover (or buy) such a flaw use it for as long as they can: from the first attack until the vendor learns of it, ships a fix, and customers actually install that fix. Until the last of those steps happens, there is no remedy on the affected system.

It’s important to be aware of the fact that there may always be bugs we don’t know about yet so that we can remain vigilant against these future threats. If we know how systems have been exploited in the past, we have better chances of preventing similar attacks in the future.

2023’s Most Routinely Exploited Cybersecurity Vulnerabilities According to Five Eyes

On November 12, 2024, the Five Eyes cybersecurity agencies released joint Cybersecurity Advisory AA24-317A, “2023 Top Routinely Exploited Vulnerabilities,” listing the 15 security flaws most frequently exploited in 2023. The CVE identifiers below are the ones to check against your own asset inventory.

  1. Citrix (CVE-2023-3519) – The top of the list is a code injection bug in NetScaler ADC and NetScaler Gateway that gives an unauthenticated attacker remote code execution on the appliance. Only appliances configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server are exploitable. It was disclosed in July 2023 after being used as a zero-day to plant web shells.
  2. Citrix (CVE-2023-4966) – In October 2023 a second critical bug in NetScaler ADC and NetScaler Gateway, nicknamed “Citrix Bleed,” was found to leak sensitive memory contents when the appliance is configured as a Gateway or AAA virtual server. The leaked data includes valid session tokens, so an attacker can hijack authenticated sessions and bypass MFA without ever knowing a password. Patching alone does not close the door: existing sessions have to be terminated as well.
  3. Cisco (CVE-2023-20198) – A flaw in the IOS XE web UI let an unauthenticated attacker create a new local user with privilege level 15 (full administrative rights, not “normal access”) on any device whose HTTP or HTTPS server was reachable. That account was then used to log in and run further commands.
  4. Cisco (CVE-2023-20273) – Also in the IOS XE web UI, a command injection bug (insufficient input validation) let the newly created admin user elevate to root and install an implant. The two flaws were chained in the same October 2023 campaign; the implant did not survive a reboot, but the rogue accounts did.
  5. Fortinet (CVE-2023-27997) – A heap-based buffer overflow in the SSL-VPN component of FortiOS and FortiProxy allows a remote, unauthenticated attacker to execute code by sending crafted requests to any device with SSL-VPN enabled.
  6. Progress Software (CVE-2023-34362) – MOVEit Transfer’s web application had a SQL injection flaw that gave an unauthenticated attacker access to the backing database (MySQL, Microsoft SQL Server or Azure SQL). An attacker could infer the structure and contents of the database and then execute SQL statements that alter or delete its elements. The Cl0p ransomware group mass-exploited it in May and June 2023 to steal data from hundreds of organizations.
  7. Atlassian (CVE-2023-22515) – A broken access control flaw in Confluence Data Center and Server let unauthenticated attackers create Confluence administrator accounts and take over the instance. Confluence Cloud (atlassian.net sites) was not affected.
  8. Apache Log4j (CVE-2021-44228) – Log4Shell was patched in December 2021, but unpatched copies of Log4j2 embedded in other products remained so common that it was still among the most exploited flaws of 2023. An attacker who can get a crafted string written to the log triggers a JNDI lookup that fetches and runs attacker-supplied code, giving complete control of the host.
  9. Barracuda Networks (CVE-2023-2868) – An input validation flaw in the way the Email Security Gateway processed .tar email attachments let attackers inject commands. A suspected China-nexus actor used it as a zero-day for at least seven months to “run remote commands on targeted equipment, hijack them, and deploy data-stealing spyware on the boxes.” Barracuda ultimately told customers to replace compromised appliances rather than patch them.
  10. Zoho (CVE-2022-47966) – An outdated third-party library (Apache Santuario) shipped in many ManageEngine products, including ServiceDesk Plus, allowed unauthenticated remote code execution on products that had SAML single sign-on enabled. An attacker crafts a SAML response and sends it to the product’s SAML endpoint; the result is code execution on the server, not merely database access. Not every installation was vulnerable, but those with SAML enabled needed a swift response.
  11. PaperCut (CVE-2023-27350) – An improper access control flaw in PaperCut MF and NG let remote, unauthenticated attackers bypass authentication and execute code on the application server. CISA and the FBI reported that the Bl00dy ransomware gang used it against the Education Facilities Subsector in 2023.
  12. Microsoft (CVE-2020-1472) – Zerologon, a Netlogon elevation-of-privilege flaw patched in August 2020, was still being exploited in 2023 against domain controllers that had never received the patch or were not running in enforcement mode. An unauthenticated attacker with network access can establish a vulnerable Netlogon secure channel to a domain controller, spoof the domain controller’s machine account, and take control of the entire domain.
  13. JetBrains (CVE-2023-42793) – An authentication bypass in the TeamCity continuous integration server gave unauthenticated attackers administrative control of the server, including code execution, and with it access to the source code and build pipelines it manages.
  14. Microsoft (CVE-2023-23397) – An elevation-of-privilege bug in Outlook for Windows: a crafted email whose reminder sound points at an attacker-controlled UNC path makes Outlook connect to the attacker’s SMB server when the reminder fires, with no user interaction. The connection leaks the victim’s Net-NTLMv2 hash, which the attacker can relay to authenticate as the victim to other services.
  15. ownCloud (CVE-2023-49103) – The graphapi app shipped a third-party library that exposed PHP’s phpinfo() output, including environment variables, to unauthenticated users. In containerized deployments those variables hold the ownCloud admin password, mail server credentials and license key.
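The MOVEit Transfer entry (item 6) describes the two-step pattern of a SQL injection attack: first infer the database structure, then read or change its contents. The following is an added example written for this article, not code from MOVEit Transfer or from the advisory. It uses a constructed SQLite schema and a hypothetical user-lookup function to show the vulnerable string-built query next to its parameterized replacement, with the same two payloads run against both.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in schema for a file-transfer product's database.
    Illustration only: this is neither MOVEit Transfer's schema nor its code."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.execute("CREATE TABLE api_keys (id INTEGER PRIMARY KEY, owner TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                     [("alice", "sha256$a1b2"), ("bob", "sha256$c3d4")])
    conn.execute("INSERT INTO api_keys (owner, secret) VALUES ('alice', 'key-0001')")
    conn.commit()
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, username: str) -> list[tuple]:
    """Splices the caller's input straight into the SQL text: the injection bug."""
    sql = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, username: str) -> list[tuple]:
    """Same query with a bound parameter: the input is data, never SQL."""
    return conn.execute("SELECT id, username FROM users WHERE username = ?", (username,)).fetchall()


# Step 1 of the attack: learn the schema. The UNION appends rows from the
# catalog table to the (empty) legitimate result, and the trailing '-- '
# comments out the closing quote the application itself appends.
STRUCTURE_PAYLOAD = "x' UNION SELECT name, sql FROM sqlite_master WHERE type='table' -- "

# Step 2: with table and column names known, pull secrets from another table.
CONTENTS_PAYLOAD = "x' UNION SELECT owner, secret FROM api_keys -- "


def table_names_leaked(conn: sqlite3.Connection) -> set[str]:
    """Table names an attacker recovers through the vulnerable lookup."""
    return {row[0] for row in lookup_user_vulnerable(conn, STRUCTURE_PAYLOAD)}


if __name__ == "__main__":
    db = make_db()
    print("schema leaked:", table_names_leaked(db))
    print("secrets leaked:", lookup_user_vulnerable(db, CONTENTS_PAYLOAD))
    print("same payloads, parameterized:",
          lookup_user_safe(db, STRUCTURE_PAYLOAD), lookup_user_safe(db, CONTENTS_PAYLOAD))
```

sqlite_master is SQLite’s catalog; on Microsoft SQL Server or MySQL the same trick targets information_schema.tables instead. Python’s sqlite3 driver refuses stacked statements, so the alter-or-delete step the advisory mentions does not work through this particular function, but that is a property of one driver, not a defense to rely on: the parameterized version is the fix.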

2023's Most Exploited Vulnerabilities

Vendor | CVE | Issue | Impact | Disclosed | Severity
Citrix | CVE-2023-3519 | Code injection in NetScaler ADC/Gateway | Unauthenticated remote code execution | July 2023 | Critical
Citrix | CVE-2023-4966 | Citrix Bleed: memory disclosure in NetScaler ADC/Gateway | Session token theft, MFA bypass | October 2023 | Critical
Cisco | CVE-2023-20198 | IOS XE web UI privilege escalation | Creation of privilege-15 local user | October 2023 | Critical
Cisco | CVE-2023-20273 | IOS XE web UI command injection | Root access, implant installation | October 2023 | High
Fortinet | CVE-2023-27997 | FortiOS/FortiProxy SSL-VPN heap overflow | Unauthenticated remote code execution | June 2023 | Critical
Progress Software | CVE-2023-34362 | MOVEit Transfer SQL injection | Database compromise, data theft | May 2023 | Critical
Atlassian | CVE-2023-22515 | Confluence Data Center/Server broken access control | Admin account creation | October 2023 | Critical
Apache | CVE-2021-44228 | Log4Shell (Log4j2 JNDI lookup) | Remote code execution | December 2021 | Critical
Barracuda | CVE-2023-2868 | ESG .tar attachment command injection | Remote command execution | May 2023 | Critical
Zoho | CVE-2022-47966 | ManageEngine SAML (Apache Santuario) flaw | Remote code execution | January 2023 | Critical
PaperCut | CVE-2023-27350 | MF/NG improper access control | Authentication bypass, code execution, ransomware | March 2023 | Critical
Microsoft | CVE-2020-1472 | Zerologon (Netlogon) | Domain takeover | August 2020 | Critical
JetBrains | CVE-2023-42793 | TeamCity authentication bypass | Administrative control | September 2023 | Critical
Microsoft | CVE-2023-23397 | Outlook elevation of privilege | Net-NTLMv2 hash theft | March 2023 | Critical
ownCloud | CVE-2023-49103 | graphapi information disclosure | Credential theft | November 2023 | Critical
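The two Cisco IOS XE rows describe an attacker adding a privilege-15 local user through the exposed web UI and then escalating to root. A responder’s first check is therefore the running configuration: are there local users nobody approved, has anyone’s privilege level gone up, and is the HTTP/HTTPS server that exposes the web UI still enabled? The following is an added example written for this article, not Cisco’s code and not from the advisory. It parses a constructed show running-config excerpt and compares it with a hypothetical change-management baseline.

```python
import re

# Constructed 'show running-config' excerpt (not from a real device). The
# usernames are sample data, not indicators of compromise.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
ip http server
ip http secure-server
ip http authentication local
!
username netadmin privilege 15 secret 9 $9$aaaaaaaaaaaaaaaa
username svc_backup privilege 15 secret 9 $9$bbbbbbbbbbbbbbbb
username monitor secret 9 $9$cccccccccccccccc
!
"""

# Hypothetical baseline: the accounts change management says should exist.
BASELINE_USERS = {"netadmin": 15, "monitor": 1}

# 'username NAME [privilege N] ...'; IOS treats an omitted privilege as level 1.
USER_RE = re.compile(r"^username\s+(\S+)(?:\s+privilege\s+(\d+))?")


def parse_users(config: str) -> dict[str, int]:
    """Map each local username in the running config to its privilege level."""
    users: dict[str, int] = {}
    for line in config.splitlines():
        m = USER_RE.match(line.strip())
        if m:
            users[m.group(1)] = int(m.group(2)) if m.group(2) else 1
    return users


def web_ui_enabled(config: str) -> bool:
    """True if the HTTP or HTTPS server (the attack surface for both bugs) is on.
    A 'no ip http server' line does not match because we compare whole lines."""
    lines = {line.strip() for line in config.splitlines()}
    return "ip http server" in lines or "ip http secure-server" in lines


def review(config: str, baseline: dict[str, int]) -> list[str]:
    """Return the findings a responder should resolve before trusting the device."""
    findings = []
    for name, level in parse_users(config).items():
        if name not in baseline:
            findings.append(f"unexpected local user '{name}' (privilege {level}); verify against change records")
        elif level > baseline[name]:
            findings.append(f"privilege for '{name}' raised from {baseline[name]} to {level}")
    if web_ui_enabled(config):
        findings.append("web UI enabled: restrict it to management addresses or disable it with "
                        "'no ip http server' and 'no ip http secure-server'")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_CONFIG, BASELINE_USERS):
        print("-", finding)
```

Run it against the output of show running-config collected over the console or an out-of-band path, since a device that is already compromised can lie to the tools running on it. A clean configuration review is not a substitute for Cisco’s published implant check for the October 2023 campaign; it only tells you whether the persistence that campaign left behind, the accounts, is present.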

How to Protect Yourself Against Cyberattacks in 2025

Although the latest advisory from the Five Eyes agencies focuses on data from 2023, it helps us understand how to protect ourselves against the tactics cybercriminals are using around the world. Based on what happened in 2023, here are some tips for keeping your own and your company’s data secure in an ever-changing digital landscape.

Keep Your Systems Updated Against Cybersecurity Threats

New releases typically carry a vendor’s security fixes, so follow your vendor’s upgrade recommendations rather than letting a vulnerable version linger. Prioritize internet-facing systems (VPN gateways, file transfer servers, email gateways and web UIs dominate the 2023 list) and anything that appears in CISA’s Known Exploited Vulnerabilities catalog. Two of the 2023 top 15, Log4Shell and Zerologon, had fixes available for years; they stayed on the list only because people had not applied them.

Keep Cybersecurity Flaws Top of Mind for Two Years

After a new security flaw is disclosed, keep it on your radar for at least two years. The Five Eyes agencies found that attackers have the most success exploiting vulnerabilities within two years of public disclosure, and Zerologon (disclosed in 2020, still exploited in 2023) shows that the tail can run even longer.

Develop an Updated Incident Response Plan for Relevant Cybersecurity Vulnerabilities

When the worst happens (and data indicates that no system is perfectly safe 100% of the time), you don’t want to be caught without a plan. Ensure that your team is ready ahead of a cybersecurity incident with a response strategy that is fleshed out and tested annually.

Perform Regular Secure System Backups

This might go without saying, but: always remember to hit “save.” That counts for things as big as your company’s device configurations and data, which should be backed up to a copy that is off-network, immutable or otherwise out of reach of ransomware, kept in a physically secure location, and restored from regularly to prove the backups actually work.

Maintain Control Over Identity and Access Management

To make sure that only trusted users have access to sensitive data for your business, follow the best practices below:

  • Implement multifactor authentication (MFA) for all network users, preferring phishing-resistant methods, and remember that session theft (as in Citrix Bleed) bypasses MFA entirely, so sessions matter as much as logins
  • Regularly review privileged accounts and validate or remove them; unexplained admin accounts were the foothold in the Cisco, Confluence and TeamCity cases
  • Ensure that your software is configured to give each user only the permissions they need and no more

Consider Proactive Managed Service Support

For the ultimate peace of mind, talk to US Cloud about Vulnerability Assessment and Vulnerability Management. Our team of experts stays on top of industry news and best practices to ensure that your Microsoft and Azure environments stay secure, safe, and efficient. Contact us or schedule a call to talk to an expert with our team and we’ll be happy to help you and your company get started!

Mike Jones
Mike Jones stands out as a leading authority on Microsoft enterprise solutions and has been recognized by Gartner as one of the world’s top subject matter experts on Microsoft Enterprise Agreements (EA) and Unified (formerly Premier) Support contracts. Mike's extensive experience across the private, partner, and government sectors empowers him to expertly identify and address the unique needs of Fortune 500 Microsoft environments. His unparalleled insight into Microsoft offerings makes him an invaluable asset to any organization looking to optimize their technology landscape.