فا

‫ Microsoft Security Intelligence Report (1st section)

IRCRE201406166
Date: 2014-06-01
 
Volume 16 of the Microsoft Security Intelligence Report (SIRv16) provides in-depth perspectives on software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches. Microsoft developed these perspectives based on detailed trend analysis over the past several years, with a focus on third and fourth quarters of 2013.
Vulnerabilities
Vulnerability Severity
The following figure shows Industry-wide vulnerability disclosures by severity, 1H11–2H13.

High-severity vulnerability disclosures decreased 8.8 percent industrywide in 2H13, after increasing by 20.4 percent from 2H12 to 1H13. High-severity vulnerabilities accounted for 31.5 percent of total disclosures in 2H13, compared to 31.6 percent in the previous period.
Medium-severity vulnerability disclosures increased 19.1 percent from 1H13, and accounted for 59.3 percent of total disclosures in 2H13.
Low-severity vulnerability disclosures decreased 4.1 percent from 1H13. They remained low in relative terms in 2H13, and accounted for 9.2 percent of total disclosures.
Vulnerability Complexity
Some vulnerabilities are easier to exploit than others, and vulnerability complexity is an important factor to consider in determining the magnitude of the threat that a vulnerability poses. A high-severity vulnerability that can only be exploited under very specific and rare circumstances might require less immediate attention than a lower-severity vulnerability that can be exploited more easily.
The following figure shows Industry-wide vulnerability disclosures by access complexity, 1H11–2H13.

Disclosures of Low-complexity vulnerabilities—those that are the easiest to exploit—accounted for 43.5 percent of all disclosures in 2H13, a decrease from 52.9 percent in 1H13.
Disclosures of Medium-complexity vulnerabilities accounted for 51.9 percent of all disclosures in 2H13, an increase from 41.9 percent in 1H13.
Disclosures of High-complexity vulnerabilities decreased to 4.6 percent of all disclosures in 2H13, down from 5.3 percent in 1H13.
 
Operating System, Browser, and Application Vulnerabilities
The following figure shows Industry-wide operating system, browser, and application vulnerabilities, 1H11–2H13.

Vulnerabilities in applications other than web browsers and operating system applications increased 34.4 percent in 2H13 and accounted for 58.1 percent of total disclosures for the period.
Operating system vulnerabilities increased 48.1 percent in 2H13, going from last place to second. Overall, operating system vulnerabilities accounted for 17.6 percent of total disclosures for the period.
Browser vulnerability disclosures decreased 28.1 percent in 2H13 and accounted for 9.6 percent of total disclosures for the period.
 
Vulnerability Disclosures
The following figure charts vulnerability disclosures for Microsoft and non-Microsoft products, 1H11–2H13.
 
Microsoft vulnerability disclosures remained mostly stable, increasing from 174 disclosures in 1H13 to 177 in 2H13, an increase of 1.7 percent.
Exploits
The following figure shows the prevalence of different types of exploits detected by Microsoft antimalware products in each quarter in 2013.

Despite decreasing each quarter, Java exploits were the most commonly encountered type of exploits in 2H13.
Encounters with web-based (HTML/JavaScript) threats decreased by more than half in 2H13 to become the second most commonly encountered type of exploits.
Detections of operating system, Adobe Flash, and document exploits remained mostly stable during the second half of the year.

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 12 خرداد 1393

دسته‌ها

امتیاز

امتیاز شما
تعداد امتیازها:0