On Monday, Microsoft released its latest Security Intelligence Report, which states that the total number of vulnerabilities disclosed in 2007 dropped by almost 5 percent, while the amount of malicious code discovered increased by more than 40 percent.
The report, which Microsoft issues twice a year, notes that vulnerability disclosures went down approximately 15 percent in the latter half of 2007, and 5 percent for the year as a whole. High-severity flaws were a different story. While the number of high-rated vulnerabilities fell in the second half of 2007, the total for the year topped 2006’s count. Around a third of all vulnerabilities in Microsoft products had publicly available exploit code in 2007, the same as the previous year.
While vendors seem to be making progress on vulnerabilities, PC users are advised to focus on malicious code. During the latter half of 2007, the amount of malware deleted from PCs by Microsoft’s Malicious Software Removal Tool (MSRT) went up to 40 percent. Trojan horses that download or drop additional code are cited as the most commonly found harmful programs. In the last six months of 2007, the software giant noticed a 300 percent increase in the number of such programs, said Jimmy Kuo, principal architect with Microsoft’s Malware Protection Center.
In the report, Microsoft stated, “Clearly, this category of malware has become a tool of choice for some attackers.” It added, “IT professionals and security professionals alike should become familiar with this type of malware so that they can better protect their networks from attacks that leverage it.”
Microsoft’s semi-annual report draws on information gathered from several public sources along with the company’s Malicious Software Removal Tool (MSRT), Windows Defender, Windows Live OneCare, and Exchange Hosted Services. A few days ago at the RSA conference, Microsoft called for an information-technology industry strategy to build more trust in the Internet.
Microsoft also seconded a finding by security expert Symantec that most data breaches are a result of stolen equipment. A mere 13 percent of security breach notifications in the latter half of 2007 were caused by exploits, malware and hacking.
Microsoft’s latest report notes that the most commonly found malicious software in the second half of 2007 is Win32/WinFixer, also known as WinAntivirusPro, a program that disguises itself as a malicious-software removal tool. Though Microsoft issued fewer bulletins and patched fewer flaws in 2007, the number of flaws in Microsoft Office went up; the company notes that most only seriously affected earlier versions of the program.
Some data from Microsoft’s report: