Eight out of the ten most exploited vulnerabilities tracked by threat intelligence biz Recorded Future in 2018 targeted Microsoft products – though number two on its list was, surprise surprise, a Flash flaw.

The most exploited vuln in the firm's hall of shame was a remote code execution flaw in Windows' VBScript engine that could pwn users who opened a booby-trapped web page with Internet Explorer.

"Exploit kits associated with this vulnerability were noted to spread the malware Trickbot through phishing attacks," said Recorded Future in a report published today.

The Flash vuln was none other than one exploited by North Korean state-backed hackers – first detected by South Korea's CERT, which discovered a flood of booby-trapped MS Office documents, web pages, spam messages and more.

Meanwhile, a near three-year-old vuln continues to be one of the most exploited flaws tracked by Recorded Future. Unveiled in July 2016, the Neutrino exploit kit was built out of code first published by white hats trying to provoke Microsoft into cleaning up an Internet Explorer zero-day vuln.

Recorded Future said it had seen five new exploit kits using the underlying code to target hapless IE users, warning that "the only workarounds are restricting access to two common dynamic-linked library files: VBScript.dll and JScript.dll".

The threat intelligence biz used a list of 167 exploit kits to define its master list of commonly abused vulns, as well as 492 remote-access Trojans. Its report specifically excluded Spectre, Meltdown and Eternalblue, on the grounds that the latter was "not used by the criminal underground", while the former pair were also not "heavily utilized" by miscreants. ®