Date: 2013-04-27
Volume 14 of the Microsoft Security Intelligence Report (SIRv14) provides in-depth perspectives on software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches. Microsoft developed these perspectives based on detailed trend analysis over the past several years, with a focus on the third and fourth quarters of 2012.
Vulnerability Severity

The following figure shows industry-wide vulnerability disclosures by severity, 1H10–2H12.

The overall decrease in industry-wide vulnerability disclosures was caused entirely by a decrease in high-severity vulnerabilities, which declined 25.1 percent from 1H12. High-severity vulnerabilities accounted for 30.9 percent of total disclosures in 2H12, compared to 38.0 percent in the previous period.
Medium-severity vulnerabilities accounted for 58.0 percent of total disclosures in 2H12. Low-severity vulnerability disclosures increased 19.0 percent from 1H12 but remained relatively low, accounting for 11.1 percent of total disclosures in 2H12.
Vulnerability Complexity
Some vulnerabilities are easier to exploit than others, and vulnerability complexity is an important factor to consider in determining the magnitude of the threat that a vulnerability poses. A high-severity vulnerability that can only be exploited under very specific and rare circumstances might require less immediate attention than a lower-severity vulnerability that can be exploited more easily.

The following figure shows industry-wide vulnerability disclosures by access complexity, 1H10–2H12. Note that Low complexity indicates the greatest risk; High complexity indicates the least risk.

Disclosures of Low-complexity vulnerabilities—those that are the easiest to exploit—accounted for 51.0 percent of all disclosures in 2H12, a slight increase from 49.4 percent in 1H12.
Disclosures of Medium-complexity vulnerabilities accounted for 45.4 percent of all disclosures in 2H12, compared to 44.6 percent in 1H12.
Disclosures of High-complexity vulnerabilities fell to 3.6 percent of all disclosures in 2H12, down from 6.0 percent in 1H12.
Operating System, Browser, and Application Vulnerabilities

The following figure shows industry-wide operating system, browser, and application vulnerabilities, 1H10–2H12.

After increasing significantly in 1H12, application vulnerability disclosures decreased 23.0 percent in 2H12, which accounted for nearly the entire decline in industry-wide vulnerability disclosures observed for the period. Application vulnerability disclosures accounted for 70.7 percent of total disclosures for the period.
Operating system vulnerability disclosures dropped to their lowest level since 2003, although vulnerabilities in web browsers continued a multi-year trend upwards. In previous periods, disclosures of operating system vulnerabilities routinely outnumbered those of browser vulnerabilities; however, in 2H12 browser vulnerability disclosures accounted for 16.4 percent of total disclosures.
Vulnerability Disclosures

The following figure charts vulnerability disclosures for Microsoft and non-Microsoft products since 1H10.

Disclosures of vulnerabilities in Microsoft products in 2H12 fell 26.3 percent to their lowest level since 2005.
Overall, disclosures of vulnerabilities in Microsoft products accounted for 3.1 percent of all disclosures across the industry, down from 3.9 percent in 1H12.

The following figure shows the prevalence of different types of exploits, 3Q11–4Q12.

Detections of Java exploits fell in 3Q12 to less than a third of their 2Q12 total, but then made up about half of the difference in 4Q12 to become the third most commonly detected type of exploit during the second half of the year.
Exploits that target vulnerabilities in document readers and editors rose sharply in 4Q12, driven by increased detections of Win32/Pdfjsc. 
