Microsoft dismisses zero-day threats

Powered by SC Magazine
 

Conventional problems are more worthy of your time.

Microsoft has played down the danger posed by zero-day bugs, claiming that only a tiny proportion of malicious exploits target unpatched vulnerabilities.

In its latest Security Intelligence Report, the company said only 1 percent of exploits targeted newly discovered threats, meaning that administrators should focus on social-engineering scams and keeping software up to date to avoid as many threats as possible, rather than stress over zero-days.

"Consider this information when prioritising security practices," said Vinny Gullotto, general manager at the Microsoft Malware Protection Center.

"The Security Intelligence Report provides techniques and guidance to mitigate common infection vectors, and its data helps remind us that we can't forget about the basics. Techniques such as exploiting old vulnerabilities, Win32/Autorun abuse, password cracking and social engineering remain lucrative approaches for criminals."

The company said 90 percent of infections that were attributed to vulnerability exploitation had been addressed by a security update available from the software vendor for more than a year.

According to Microsoft, end-user weaknesses - typically falling for social-engineering techniques - were to blame for almost half of all malware propagation in the first half of the year, while more than a third of all malware was spread through cybercriminal abuse of Win32/Autorun.

Microsoft was also quick to point the finger at other software manufacturers, highlighting findings that showed “the most commonly observed type of exploits in the first half of the year were those targeting vulnerabilities in the Oracle Java Runtime Environment, Java Virtual Machine, and Java SE in the Java Development Kit2".

Microsoft said Java exploits were responsible for between a third and half of all exploits observed in the past year, although the report did admit that exploits targeting the Windows vulnerability CVE-2010-2568 had seen operating system exploits rise sharply in Q2 this year.

Copyright © PC Pro, Dennis Publishing


Microsoft dismisses zero-day threats
 
 
 
Top Stories
Westpac committed to core banking plan
[Blog post] Now with leadership.
 
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Apple's top MacBook Pro with Retina is now cheaper
Aug 1, 2014
Apple has updated its MacBook Pro range with faster processors and new pricing, including ...
Pass on carbon tax savings, warns ACCC
Jul 24, 2014
The ACCC is warning businesses that supply "regulated goods" to pass on any cost savings ...
Have customers that won't pay debts?
Jul 10, 2014
The ACCC and ASIC have updated their advice when it comes to collecting debts.
Carpet cleaner faces court over online testimonials
Jul 4, 2014
The ACCC has initiated proceedings against A Whistle (1979) Pty Ltd, the franchisor of Electrodry...
You can now get 15GB of free online storage using Microsoft OneDrive
Jun 25, 2014
Cloud storage has reached both the capacity and price where it's a viable alternative to local ...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1162

Vote