Microsoft SIR finds decline in vulnerability disclosures, sharp rise in Java exploits

An improvement of software development practices and quality control across the industry has contributed to a decline in vulnerability disclosures 2010.

Microsoft has documented a decline in the total number of application vulnerabilities in 2010 and tracked the skyrocketing use of exploits targeting two Java vulnerabilities.

Vulnerability disclosures for Microsoft products increased slightly in 2010 but have generally remained stable over the past several periods.

Microsoft report

The total number of application vulnerabilities in 2010 declined 22.2% from 2009. In addition, industry vulnerability disclosure trends, the number of documented security issues, continued its overall trend of moderate declines since 2006. Vulnerability disclosures across the industry were down 16.5% in 2010 from 2009. The trend is being attributed by Microsoft to “better development practices and quality control throughout the industry, which result in more secure software and fewer vulnerabilities."

The Microsoft Security Intelligence Report, volume 10, draws from data pulled from its security software user base and paints a picture of the current threat landscape. Microsoft said it pulled the anonymous data from more than 600 million systems, Internet service providers and several Microsoft Security Centers.

The severity of application flaws is also in decline. Microsoft said medium and high severity disclosures fell by 17.5% and 20.2% from 2009, respectively. The software giant bases its figures on vulnerability severity using ratings from the Common Vulnerability Scoring System (CVSS). The CVSS assigns a score from 0 to 10 to vulnerabilities based on severity, with higher scores representing greater severity.

Experts said the data provided by Microsoft is positive and shows that attacks are becoming more difficult to carry out. The number of complex vulnerabilities is increasing. High complexity vulnerability disclosures increased 43.3%, from 120 in 2009 to 172 in 2010. Meanwhile, low and medium complexity vulnerability disclosures declined 28.3% and 5.0% from 2009, respectively. 

“There’s a difference between disclosed vulnerabilities and actually seeing attacks using those vulnerabilities,” said Harry Sverdlove, chief technology officer of application whitelisting vendor Bit9. “While the number may have declined, it’s a positive for everybody, but it also shows that it only takes one or two really bad vulnerabilities for a spike in the number of actual attacks to occur.”

Vulnerabilities in Microsoft products accounted for 7.2% of all vulnerabilities disclosed in 2010, an increase of 4.5% from 2009. Microsoft said the increase is due to an overall decline in vulnerability disclosures across the industry during that time.

“Vulnerability disclosures for Microsoft products increased slightly in 2010, but have generally remained stable over the past several periods,” Microsoft said in its report.

Java exploitation
Microsoft said the threat landscape was dominated by exploits targeting Java vulnerabilities in 2010. The number of exploits targeting Java increased in the second quarter of 2010 and surpassed every other exploitation category the Microsoft Malware Protection Center tracks, including generic HTML/scripting exploits, operating system exploits and document exploits.

“Malware written in Java has existed for many years, but attackers had not focused significant attention on exploiting Java vulnerabilities until somewhat recently,” Microsoft said in its report.

The increases are attributed to exploits targeting two Java vulnerabilities – CVE-2008-5353 and CVE-2009-3867 — which have since been patched by Oracle.

The most prevalent type of attack involved malicious IFrames, Microsoft said. “Exploits that use HTML and JavaScript steadily increased throughout the year and continue to represent a large portion of exploits.” The exploits are often used in drive-by attacks. An attacker will host malware on a popular webpage. When a victim visits the page, the exploits run and if the victim’s software is not up to date, their system can become compromised, Microsoft said.

“The message here is it’s very important to make sure all the software you’re running on your system, from all of the vendors, not just Microsoft, are kept up to date,” Tim Rains, group product manager with Microsoft’s Trustworthy Computing Group said in a  video interview provided by Microsoft.

Meanwhile, the number of Adobe Acrobat and Adobe Reader exploits dropped by more than half after the first quarter and remained at a reduced level throughout the remainder of the year, Microsoft said. 

Adware increases
Microsoft said it also found a sharp increase in adware using JavaScript. Detections. Adware rose from 8.9% of infected computers in the second quarter of 2010 to 15.1% in the fourth quarter of 2010, an increase of 70%.

The two most commonly detected pieces of adware were Pornpop and Clickpotato. Pornpop, a JavaScript exploit, attempts to display porn popup advertisements and is commonly detected when the victim visits a website containing adult content. Pornpop showed up on computers located in 16 different countries, Microsoft said.  Clickpotato, also JavaScript, displays popup  display advertisements based on a user’s browsing habits. Clickpotato is typically downloaded with other software installation packages.

Dig deeper on Security Industry Market Trends, Predictions and Forecasts

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close