Threat Management, Network Security, Patch/Configuration Management, Vulnerability Management

Patch Tuesday’s potential for stock market manipulation

The price of Microsoft stock typically falls on the second Tuesday of each month -- when monthly security fixes are released by the software giant -- and then jumps the following day, a new McAfee report concludes.

The drop in stock value likely is attributable to media coverage of vulnerabilities in Microsoft products that the patches seek to clear up, said Anthony Bettini, McAfee Avert Labs senior management team member, in his article “Vulnerabilities in the Equities Market," part of McAfee's biannual Security Journal.

“This pressure is likely due to reactions to news articles about the negative implications of security vulnerabilities in Microsoft software,” he wrote.

Bettini's research focused on Microsoft's Patch Tuesday and the effects it has on the stock market. He found patch announcements have an impact on stock price fluctuations so it seems people can -- and do -- make money off of Patch Tuesday.

On that day, there is a stronger than average downward movement in Microsoft's stock price. In addition, the day following Patch Tuesdays, there is an upward tick, or net-positive close, on average, Bettini wrote in his article.

On Patch Tuesdays in 2006, '07 and '08, Microsoft's share price fell (in percentage) 0.11 , 0.29 and 0.45  respectively, from market open to close, the study showed.

In contrast, on the day after Patch Tuesday, the price gained (in percentage) 0.27, 0.21 and 0.49, respectively, from open to close.

“Buying stock on a Patch Tuesday and selling it the next day could offer a legitimate profit, but only when trading in large quantities and with considerable risk,” Bettini wrote.

A Microsoft spokeswoman could not immediately be reached for comment on Monday.

In the same vein, individuals could post real or fake vulnerability alerts in hopes of artificially driving down the share price of another software vendor and cash in as a result.

"...If stock price fluctuations occur due to vulnerability and patch announcements, what would happen if a person built up a short position in a major software company and posted a handful of vulnerabilities with exploits to the Full Disclosure mailing list?" Bettini wrote. "If this happened during market hours and during a day that was less likely to have competing news that could distract investors...then the downward pressures on the stock could be significant at a consumer level."

Disclosing a bogus vulnerability is a type of social engineering, something McAfee researchers said is rampant in the cybercriminal world.

“What we see is that the majority of virus and other malware attacks leverage social engineering in one form or another,” Craig Schmugar, Avert Labs' threat research manager, said in an email to SCMagazineUS.com. “Users are being tricked into installing these threats by the millions.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.