‫ Microsoft Security Intelligence Report (1st section)

IRCRE201311150
Date: 2013-11-06
 
Volume 15 of the Microsoft Security Intelligence Report (SIRv15) provides in-depth perspectives on software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches. Microsoft developed these perspectives based on detailed trend analysis over the past several years, with a focus on first and second quarters of 2012.
Vulnerabilities
Vulnerability Severity

The following figure shows Industry-wide vulnerability disclosures by severity, 2H10–1H13.

High-severity vulnerability disclosures increased 12.9 percent industry wide in 1H13, after decreasing by 31.2 percent from 1H12 to 2H12. High-severity vulnerabilities accounted for 36.7 percent of total disclosures in 1H13, compared to 31.6 percent in the previous period.
Medium-severity vulnerability disclosures decreased 10.0 percent from 2H12, and accounted for 52.9 percent of total disclosures in 1H13.
Low-severity vulnerability disclosures decreased 7.0 percent from 2H12. They remained relatively low in 1H13, and accounted for 10.4 percent of total disclosures.
Vulnerability Complexity
Some vulnerabilities are easier to exploit than others, and vulnerability complexity is an important factor to consider in determining the magnitude of the threat that a vulnerability poses. A high-severity vulnerability that can only be exploited under very specific and rare circumstances might require less immediate attention than a lower-severity vulnerability that can be exploited more easily.

The following figure shows Industry-wide vulnerability disclosures by access complexity, 2H10–1H13. Note that Low complexity indicates the greatest risk; High complexity indicates the least risk.

Disclosures of Low-complexity vulnerabilities—those that are the easiest to exploit—accounted for 53.4 percent of all disclosures in 1H13, an increase from 50.7 percent in 2H12.
Disclosures of Medium-complexity vulnerabilities accounted for 41.1 percent of all disclosures in 1H13, a decrease from 45.7 percent in 2H12.
Disclosures of High-complexity vulnerabilities increased to 5.5 percent of all disclosures in 2H12, an increase from 3.6 percent in 1H12.
Operating System, Browser, and Application Vulnerabilities

The following figure shows Industry-wide operating system, browser, and application vulnerabilities, 2H10–1H13.

Application vulnerability disclosures decreased 12.9 percent in 1H13 and accounted for 63.5 percent of total disclosures for the period.
After several periods of decline, operating system vulnerability disclosures increased 39.3 percent in 1H13, outnumbering browser vulnerabilities. Overall, operating system vulnerabilities accounted for 22.2 percent of total disclosures for the period.
Browser vulnerability disclosures decreased 18.3 percent in 1H13 and accounted for 14.3 percent of total disclosures for the period.
Vulnerability Disclosures

The following figure charts vulnerability disclosures for Microsoft and non-Microsoft products since 2H10.

After several periods of decline, disclosures of vulnerabilities in Microsoft products increased to 7.4 percent of all disclosures across the industry, an increase from 3.1 percent in 2H12.
Exploits
The following figure shows the prevalence of different types of exploits, 3Q12–2Q13.

Web-based (HTML/JavaScript) threats continued to be the most commonly encountered type of exploit encountered in 2Q13, followed by Java exploits and operating system exploits.

The encounter rate for Adobe Flash exploits increased slightly in the second quarter, from 0.01 percent of computers worldwide in 1Q13 to 0.12 percent in 2Q13. An increase in the exploitation of a number of older Flash vulnerabilities was mostly responsible for the increase; Adobe has published security updates to address these vulnerabilities, but the updates had not been applied to the affected computers, which remained vulnerable.
Reference:

Microsoft Security Intelligence Report, Volume 15, January through June, 2013


نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 15 آبان 1392

دسته‌ها

امتیاز

امتیاز شما
تعداد امتیازها:0