Most Exploited Vulnerabilities Audit

Find Windows Devices with Routinely Exploited Vulnerabilities

CISA recently their list of frequently exploited vulnerabilities from the last few years. Some of which even date back to 2012! To ensure that your network doesn't isn't vulnerable to any of these exploited vulnerabilities, we've created a special audit that gives an overview of all your machines and whether they are at risk or not. In most cases, simply applying the latest Microsoft updates will easily resolve the issue, so you can also use the Patch Tuesday reports to double-check whether you have the latest patches installed.

The audit below covers the following vulnerabilities: CVE-2017-11882, CVE-2017-0199, CVE-2012-0158, CVE-2019-0604, CVE-2017-0143, CVE-2018-4878, CVE-2017-8759 and CVE-2015-1641. You can read our dedicated blog post on the top 8 most exploited vulnerabilities here to find more info.

Run the audit below to check if you still have any devices that remain unpatched or might be vulnerable to exploitation of the mentioned vulnerabilities. For the most accurate results, be sure to rescan your environment before running the report.

This report has been updated:

  • Vulnerabilities for specific software will now be blank on machines that do not have that software detected.

Routinely exploited vulnerabilities

Routinely Exploited Vulnerabilities Query

Select Distinct Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  CVE11882.[CVE-2017-11882 Status],
  CVE0199.[CVE-2017-0199 Status],
  CVE0158.[CVE-2012-0158 Status],
  CVE0604.[CVE-2019-0604 Status],
  Case
    When Max(PatchTuesday.KbNumber) >= 4016871 Then 'Safe'
    Else 'At risk'
  End As [CVE-2017-0143 Status],
  AdobeVersions.AdobeStatus As [CVE-2018-4878 Status],
  Case
    When Max(PatchTuesday.KbNumber) >= 4038777 Then 'Safe'
    Else 'At risk'
  End As [CVE-2017-8759 Status],
  CVE1641.[CVE-2015-1641 Status],
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried
From tblAssets
  Left Join (Select Top 1000000 tblAssets.AssetID,
        Convert(bigint,Replace(tblQuickFixEngineeringUni.HotFixID, 'KB',
        '')) As KbNumber
      From tblAssets
        Inner Join tblQuickFixEngineering On tblAssets.AssetID =
          tblQuickFixEngineering.AssetID
        Inner Join tblQuickFixEngineeringUni On tblQuickFixEngineeringUni.QFEID
          = tblQuickFixEngineering.QFEID
      Where tblQuickFixEngineeringUni.HotFixID Like 'KB_______') As PatchTuesday
    On PatchTuesday.AssetID = tblAssets.AssetID
  Left Join (Select Top 1000000 tblSoftware.AssetID,
        Case
          When Cast(SubString(tblSoftware.softwareVersion, 0, CharIndex('.',
            tblSoftware.softwareVersion)) As INT) > 26 And
            tblSoftwareUni.softwareName Like '%Adobe Flash Player%' Then 'Safe'
          When Cast(SubString(tblSoftware.softwareVersion, 0, CharIndex('.',
            tblSoftware.softwareVersion)) As INT) <= 26 And
            tblSoftwareUni.softwareName Like '%Adobe Flash Player%' Then
            'At risk'
        End As AdobeStatus
      From tblSoftware
        Inner Join tblSoftwareUni On tblSoftware.softID = tblSoftwareUni.SoftID
      Where tblSoftwareUni.softwareName Like '%Adobe Flash Player%') As
  AdobeVersions On AdobeVersions.AssetID = tblAssets.AssetID
  Left Join (Select tblAssets.AssetID,
        Case
          When Max(Convert(bigint,Replace(tblQuickFixEngineeringUni.HotFixID,
            'KB', ''))) >= 4048952 Then 'Safe'
          Else 'At risk'
        End As [CVE-2017-11882 Status]
      From tblAssets
        Inner Join tblQuickFixEngineering On tblAssets.AssetID =
          tblQuickFixEngineering.AssetID
        Inner Join tblQuickFixEngineeringUni On tblQuickFixEngineeringUni.QFEID
          = tblQuickFixEngineering.QFEID
        Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
        Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
      Where tblQuickFixEngineeringUni.HotFixID Like 'KB_______' And
        (tblSoftwareUni.softwareName Like 'Microsoft Office%2016%' Or
          tblSoftwareUni.softwareName Like 'Microsoft Office%2013%' Or
          tblSoftwareUni.softwareName Like 'Microsoft Office%2010%' Or
          tblSoftwareUni.softwareName Like 'Microsoft Office%2007%')
      Group By tblAssets.AssetID) As CVE11882 On CVE11882.AssetID =
    tblAssets.AssetID
  Left Join (Select tblAssets.AssetID,
        Case
          When Max(Convert(bigint,Replace(tblQuickFixEngineeringUni.HotFixID,
            'KB', ''))) >= 4015219 Then 'Safe'
          Else 'At risk'
        End As [CVE-2017-0199 Status]
      From tblAssets
        Inner Join tblQuickFixEngineering On tblAssets.AssetID =
          tblQuickFixEngineering.AssetID
        Inner Join tblQuickFixEngineeringUni On tblQuickFixEngineeringUni.QFEID
          = tblQuickFixEngineering.QFEID
        Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
        Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
      Where tblQuickFixEngineeringUni.HotFixID Like 'KB_______' And
        (tblSoftwareUni.softwareName Like 'Microsoft Office%2016%' Or
          tblSoftwareUni.softwareName Like 'Microsoft Office%2013%' Or
          tblSoftwareUni.softwareName Like 'Microsoft Office%2010%' Or
          tblSoftwareUni.softwareName Like 'Microsoft Office%2007%')
      Group By tblAssets.AssetID) As CVE0199 On CVE0199.AssetID =
    tblAssets.AssetID
  Left Join (Select tblAssets.AssetID,
        Case
          When Max(Convert(bigint,Replace(tblQuickFixEngineeringUni.HotFixID,
            'KB', ''))) >= 2597112 Then 'Safe'
          Else 'At risk'
        End As [CVE-2012-0158 Status]
      From tblAssets
        Inner Join tblQuickFixEngineering On tblAssets.AssetID =
          tblQuickFixEngineering.AssetID
        Inner Join tblQuickFixEngineeringUni On tblQuickFixEngineeringUni.QFEID
          = tblQuickFixEngineering.QFEID
        Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
        Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
      Where tblQuickFixEngineeringUni.HotFixID Like 'KB_______' And
        (tblSoftwareUni.softwareName Like 'Microsoft Office%2003%' Or
          tblSoftwareUni.softwareName Like 'Microsoft Office%2010%' Or
          tblSoftwareUni.softwareName Like 'Microsoft Office%2007%')
      Group By tblAssets.AssetID) As CVE0158 On CVE0158.AssetID =
    tblAssets.AssetID
  Left Join (Select tblAssets.AssetID,
        Case
          When Max(Convert(bigint,Replace(tblQuickFixEngineeringUni.HotFixID,
            'KB', ''))) >= 4489871 Then 'Safe'
          Else 'At risk'
        End As [CVE-2019-0604 Status]
      From tblAssets
        Inner Join tblQuickFixEngineering On tblAssets.AssetID =
          tblQuickFixEngineering.AssetID
        Inner Join tblQuickFixEngineeringUni On tblQuickFixEngineeringUni.QFEID
          = tblQuickFixEngineering.QFEID
        Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
        Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
      Where tblQuickFixEngineeringUni.HotFixID Like 'KB_______' And
        tblSoftwareUni.softwareName Like '%Sharepoint%'
      Group By tblAssets.AssetID) As CVE0604 On CVE0604.AssetID =
    tblAssets.AssetID
  Left Join (Select tblAssets.AssetID,
        Case
          When Max(Convert(bigint,Replace(tblQuickFixEngineeringUni.HotFixID,
            'KB', ''))) >= 2553164 Then 'Safe'
          Else 'At risk'
        End As [CVE-2015-1641 Status]
      From tblAssets
        Inner Join tblQuickFixEngineering On tblAssets.AssetID =
          tblQuickFixEngineering.AssetID
        Inner Join tblQuickFixEngineeringUni On tblQuickFixEngineeringUni.QFEID
          = tblQuickFixEngineering.QFEID
        Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
        Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
      Where tblQuickFixEngineeringUni.HotFixID Like 'KB_______' And
        (tblSoftwareUni.softwareName Like 'Microsoft Office%2013%' Or
          tblSoftwareUni.softwareName Like 'Microsoft Office%2010%' Or
          tblSoftwareUni.softwareName Like 'Microsoft Office%2007%' Or
          tblSoftwareUni.softwareName Like '%Sharepoint%2010%' Or
          tblSoftwareUni.softwareName Like '%Sharepoint%2013%' Or
          tblSoftwareUni.softwareName Like '%Office%Web%Apps%2010%' Or
          tblSoftwareUni.softwareName Like '%Office%Web%Apps%2013%')
      Group By tblAssets.AssetID) As CVE1641 On CVE1641.AssetID =
    tblAssets.AssetID
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Inner Join tblState On tblState.State = tblAssetCustom.State
Group By tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename,
  tblAssets.Username,
  tblAssets.Userdomain,
  tsysAssetTypes.AssetTypeIcon10,
  tblAssets.IPAddress,
  CVE11882.[CVE-2017-11882 Status],
  CVE0199.[CVE-2017-0199 Status],
  CVE0158.[CVE-2012-0158 Status],
  CVE0604.[CVE-2019-0604 Status],
  AdobeVersions.AdobeStatus,
  CVE1641.[CVE-2015-1641 Status],
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tblSoftwareUni.softwareName,
  tblSoftware.softwareVersion

Audit and Take Action in 3 Easy Steps

Download-Install-Lansweeper

1. Download & Install Lansweeper

Save-and-Run-the-Report

3. Run the Audit & Take Action

Download Lansweeper to Run this Audit

Harness the Power of Reporting