Critical Infrastructure Security, Incident Response, Network Security, TDR, Vulnerability Management

Microsoft: Flaws down but malware on the rise

The number of flaws impacting Microsoft products dropped 33.6 percent in the first half of 2008 compared to the last half of 2007, as hackers ramp up their focus on third-party applications, the latest Microsoft Security Intelligence Report found.

This trend was particularly noticeable in the browser, said the report, released Monday. Browser-based exploits occurring on Windows XP machines were attributable to Microsoft bugs 42 percent of the time and third-party software 58 percent of the time.

Those numbers drastically improved on Vista-based machines, where browser attacks could be blamed on Microsoft software just six percent of the time.

Overall, new vulnerability disclosures fell four percent from the previous six-month period and 19 percent from the first half of 2007, the report said.

"We continue to see a trend down in terms of vulnerabilities over all industries, particularly in Microsoft software," Bret Arsenault, general manager of Microsoft's National Security Team, told SCMagazineUS.com on Friday.

Despite the decline in bugs, malware is running rampant amid an increasingly sophisticated cybercriminal underground, according to the report. Microsoft's Malicious Code Software Removal Tool, which scans Windows machines for the latest known threats and then attempts to remove them, showed that malware prevalence shot up 43 percent from the previous period.

Two trojan families -- Win32/Zlob adn Win32/Renos -- accounted for 96 percent of computers that needed cleaning. Zlob and Renos attempt to infect users with rogue anti-malware programs.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.