Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Vulnerability Disclosures Increased in Second Half of 2013: Microsoft

Vulnerability disclosures in the second half of 2013 were up 6.5 percent from the first six months of the year industry-wide, according to a new report from Microsoft.

Vulnerability disclosures in the second half of 2013 were up 6.5 percent from the first six months of the year industry-wide, according to a new report from Microsoft.

The stats were included in Microsoft’s latest Security Intelligence Report. According to the company, the number of vulnerability disclosures during the final half of the year remained below their peak in the first half of 2012 and well below levels seen prior to 2009, when totals of 3,500 disclosures or more were not uncommon for six-month periods.

High-severity vulnerability disclosures decreased 8.8 percent industry-wide in the second half of 2013 after increasing by 20.4 percent from the second half of 2012 to the first half of 2013. These vulnerabilities accounted for 31.5 percent of total disclosures in the second half of last year, compared to 31.6 percent in the preceding six months.

“New research conducted by Trustworthy Computing’s Security Science team shows a 70 percent decline in the number of severe vulnerabilities (those that can enable remote code execution) that were exploited in Microsoft products between 2010 and 2013,” blogged Tim Rains, director of Trustworthy Computing at Microsoft. “This is a clear indication that newer products are providing better protection, even in cases where vulnerabilities exist. While this trend is promising, cybercriminals aren’t giving up.”

Vulnerabilities in applications other than web browsers and operating system applications increased 34.4 percent in during the last half of 2013, and accounted for 58.1 percent of total disclosures for the period, the report noted. Operating system vulnerabilities increased 48.1 percent in the last six months of the year, going from last place to second. Overall, operating system vulnerabilities accounted for 17.6 percent of total disclosures for the period.

After reaching a high point in the first six months of 2013, operating system application vulnerabilities decreased 46.3 percent in the second half of the year, accounting for 14.7 percent of total disclosures for the period. Browser vulnerability disclosures dropped 28.1 percent during the final half of the year, accounting for 9.6 percent of total disclosures during the period.

“While this trend is promising, cybercriminals aren’t giving up,” Rains blogged. “Our data shows that in the second half of 2013 there was a noticeable increase in cybercriminal activity where attackers used deceptive practices. The continued increase in deceptive tactics is striking; in the last quarter of 2013, the number of computers impacted as a result of deceptive tactics more than tripled.”

The full report can be viewed here.

Advertisement. Scroll to continue reading.

In addition to releasing its latest Security Intelligence Report, Microsoft on Tuesday released updated versions of white papers focused on software supply chain security and critical infrastructure protection.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.