Vulnerability disclosures in the second half of 2013 were up 6.5 percent from the first six months of the year industry-wide, according to a new report from Microsoft.
The stats were included in Microsoft’s latest Security Intelligence Report. According to the company, the number of vulnerability disclosures during the final half of the year remained below their peak in the first half of 2012 and well below levels seen prior to 2009, when totals of 3,500 disclosures or more were not uncommon for six-month periods.
High-severity vulnerability disclosures decreased 8.8 percent industry-wide in the second half of 2013 after increasing by 20.4 percent from the second half of 2012 to the first half of 2013. These vulnerabilities accounted for 31.5 percent of total disclosures in the second half of last year, compared to 31.6 percent in the preceding six months.
“New research conducted by Trustworthy Computing’s Security Science team shows a 70 percent decline in the number of severe vulnerabilities (those that can enable remote code execution) that were exploited in Microsoft products between 2010 and 2013,” blogged Tim Rains, director of Trustworthy Computing at Microsoft. “This is a clear indication that newer products are providing better protection, even in cases where vulnerabilities exist. While this trend is promising, cybercriminals aren’t giving up.”
Vulnerabilities in applications other than web browsers and operating system applications increased 34.4 percent during the last half of 2013, and accounted for 58.1 percent of total disclosures for the period, the report noted. Operating system vulnerabilities increased 48.1 percent in the last six months of the year, going from last place to second. Overall, operating system vulnerabilities accounted for 17.6 percent of total disclosures for the period.
After reaching a high point in the first six months of 2013, operating system application vulnerabilities decreased 46.3 percent in the second half of the year, accounting for 14.7 percent of total disclosures for the period. Browser vulnerability disclosures dropped 28.1 percent during the final half of the year, accounting for 9.6 percent of total disclosures during the period.
“While this trend is promising, cybercriminals aren’t giving up,” Rains blogged. “Our data shows that in the second half of 2013 there was a noticeable increase in cybercriminal activity where attackers used deceptive practices. The continued increase in deceptive tactics is striking; in the last quarter of 2013, the number of computers impacted as a result of deceptive tactics more than tripled.”
The full report can be viewed here.
In addition to releasing its latest Security Intelligence Report, Microsoft on Tuesday released updated versions of white papers focused on software supply chain security and critical infrastructure protection.
