Microsoft Security Intelligence Report (1st section)


Number: IRCRE201511207

Date: 2015-11-20

Volume 19 of the Microsoft Security Intelligence Report (SIRv19) provides in-depth perspectives on software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches. Microsoft developed these perspectives based on detailed trend analysis over the past several years, with a focus on the first and second quarters of 2015.

Vulnerabilities

Vulnerability Severity

The following figure shows industry-wide vulnerability disclosures by severity, 2H12–1H15.

Disclosures of medium-severity vulnerabilities—those with CVSS scores from 4 to 7.9—dropped by nearly half from 2H14, but remained the most common type of vulnerability in 1H15.

By contrast, the number of disclosures of high-severity and low-severity vulnerabilities remained mostly stable, with both categories increasing by less than 2 percent from 1H14 to 2H14. High-severity vulnerabilities accounted for the second-highest share of vulnerability disclosures in 1H15, at 32.5 percent, and low-severity vulnerabilities accounted for the smallest share, at 10.4 percent.

Vulnerability Complexity

Some vulnerabilities are easier to exploit than others, and vulnerability complexity is an important factor to consider in determining the magnitude of the threat that a vulnerability poses. A high-severity vulnerability that can only be exploited under very specific and rare circumstances might require less immediate attention than a lower-severity vulnerability that can be exploited more easily.

The following figure shows industry-wide vulnerability disclosures by access complexity, 2H12–1H15.

Disclosures of low-complexity vulnerabilities—those that are the easiest to exploit—decreased slightly in 1H15, but accounted for the largest category of disclosures, at 56.3 percent of all disclosures.

Medium-complexity vulnerabilities decreased 54.9 percent from 2H14 to 1H15 to account for 42.4 percent of all vulnerabilities for the period.

Disclosures of high-complexity vulnerabilities decreased slightly in 1H15, and accounted for 1.0 percent of all disclosures for the period.

Operating System, Browser, and Application Vulnerabilities

The following figure shows industry-wide operating system, browser, and application vulnerabilities, 2H12–1H15.

Disclosures of vulnerabilities in applications other than web browsers and operating system applications decreased by nearly half from 2H14 to 1H15, but remained the most common type of vulnerability in 1H15, accounting for 55.6 percent of all disclosures for the period.

Operating system application vulnerability disclosures decreased 1.5 percent from 2H14, and accounted for 19.7 percent of all disclosures in 1H15.

Core operating system vulnerability disclosures increased 1.7 percent from 2H14, and accounted for 14.1 percent of all disclosures in 1H15.

Browser vulnerability disclosures increased 13.2 percent from 2H14, and accounted for 10.6 percent of all disclosures in 1H15.

Vulnerability Disclosures

The following figure charts vulnerability disclosures for Microsoft and non-Microsoft products, 2H12–1H15.

Microsoft vulnerability disclosures increased from 209 disclosures in 2H14 to 266 in 1H15, an increase of 27.3 percent.

Exploits

The following figure shows encounter rates for different types of exploit attempts, 3Q14–2Q15.

Encounters with Java exploits decreased each quarter, becoming the third most commonly encountered type of exploit in 1H15.

The number of encounters with exploits that target operating systems remained mostly stable in 1H15, becoming the second most commonly encountered type of exploit during the period.

Reference:

http://www.microsoft.com/


Date created: 3 Azar 1394
