SecurityWeek

Vulnerability Disclosures Increased in Second Half of 2013: Microsoft

Vulnerability disclosures in the second half of 2013 were up 6.5 percent from the first six months of the year industry-wide, according to a new report from Microsoft.

The stats were included in Microsoft’s latest Security Intelligence Report. According to the company, the number of vulnerability disclosures during the final half of the year remained below their peak in the first half of 2012 and well below levels seen prior to 2009, when totals of 3,500 disclosures or more were not uncommon for six-month periods.

High-severity vulnerability disclosures decreased 8.8 percent industry-wide in the second half of 2013 after increasing by 20.4 percent from the second half of 2012 to the first half of 2013. These vulnerabilities accounted for 31.5 percent of total disclosures in the second half of last year, compared to 31.6 percent in the preceding six months.

“New research conducted by Trustworthy Computing’s Security Science team shows a 70 percent decline in the number of severe vulnerabilities (those that can enable remote code execution) that were exploited in Microsoft products between 2010 and 2013,” blogged Tim Rains, director of Trustworthy Computing at Microsoft. “This is a clear indication that newer products are providing better protection, even in cases where vulnerabilities exist. While this trend is promising, cybercriminals aren’t giving up.”

Vulnerabilities in applications other than web browsers and operating system applications increased 34.4 percent during the last half of 2013 and accounted for 58.1 percent of total disclosures for the period, the report noted. Operating system vulnerabilities increased 48.1 percent in the last six months of the year, going from last place to second. Overall, operating system vulnerabilities accounted for 17.6 percent of total disclosures for the period.

After reaching a high point in the first six months of 2013, operating system application vulnerabilities decreased 46.3 percent in the second half of the year, accounting for 14.7 percent of total disclosures for the period. Browser vulnerability disclosures dropped 28.1 percent during the final half of the year, accounting for 9.6 percent of total disclosures during the period.

“While this trend is promising, cybercriminals aren’t giving up,” Rains blogged. “Our data shows that in the second half of 2013 there was a noticeable increase in cybercriminal activity where attackers used deceptive practices. The continued increase in deceptive tactics is striking; in the last quarter of 2013, the number of computers impacted as a result of deceptive tactics more than tripled.”

The full report can be viewed here.

In addition to releasing its latest Security Intelligence Report, Microsoft on Tuesday released updated versions of white papers focused on software supply chain security and critical infrastructure protection.
