Network Security, Patch/Configuration Management, Vulnerability Management

“Critical” Microsoft security bugs at lowest level since 2005

Microsoft patched fewer "critical" security vulnerabilities this year than it did in any other year since 2005, the company said Tuesday.

The Redmond, Wash.-based computing giant issued 99 security bulletins during 2011, with 13 released Tuesday during its final patch batch of the year, Mike Reavey, director of the Microsoft Security Response Center, said in a blog post Tuesday. Thirty-two percent of all bulletins issued this year were tagged with Microsoft's highest severity rating of critical. During the last six months of 2011, the percentage was lower, with 20 percent of all patches listed as critical. 

Not since 2004, the year Microsoft first began issuing monthly security patches, has the percentage of critical bulletins in a given year been so low. Moreover, in terms of absolute numbers, critical vulnerabilities, or the most severe type of flaw – whose exploitation could result in the spread of a worm without user action – are at their lowest levels since 2005.

“The fact that we're seeing lower percentages of critical issues and bulletins year-over-year demonstrates progress made by the product groups in creating more secure software,” Reavey wrote.

Microsoft on Tuesday pushed out its final 13 patches of the year. Three of the bulletins were rated critical, including bulletin MS11-087, which corrects a bug that allows the data-stealing, control system-targeting Duqu trojan to spread.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.