Microsoft dismisses zero-day threats

Powered by SC Magazine
 

Conventional problems are more worthy of your time.

Microsoft has played down the danger posed by zero-day bugs, claiming that only a tiny proportion of malicious exploits target unpatched vulnerabilities.

In its latest Security Intelligence Report, the company said only 1 percent of exploits targeted newly discovered threats, meaning that administrators should focus on social-engineering scams and keeping software up to date to avoid as many threats as possible, rather than stress over zero-days.

"Consider this information when prioritising security practices," said Vinny Gullotto, general manager at the Microsoft Malware Protection Center.

"The Security Intelligence Report provides techniques and guidance to mitigate common infection vectors, and its data helps remind us that we can't forget about the basics. Techniques such as exploiting old vulnerabilities, Win32/Autorun abuse, password cracking and social engineering remain lucrative approaches for criminals."

The company said 90 percent of infections that were attributed to vulnerability exploitation had been addressed by a security update available from the software vendor for more than a year.

According to Microsoft, end-user weaknesses - typically falling for social-engineering techniques - were to blame for almost half of all malware propagation in the first half of the year, while more than a third of all malware was spread through cybercriminal abuse of Win32/Autorun.

Microsoft was also quick to point the finger at other software manufacturers, highlighting findings that showed “the most commonly observed type of exploits in the first half of the year were those targeting vulnerabilities in the Oracle Java Runtime Environment, Java Virtual Machine, and Java SE in the Java Development Kit2".

Microsoft said Java exploits were responsible for between a third and half of all exploits observed in the past year, although the report did admit that exploits targeting the Windows vulnerability CVE-2010-2568 had seen operating system exploits rise sharply in Q2 this year.

Copyright © PC Pro, Dennis Publishing


Microsoft dismisses zero-day threats
 
 
 
Top Stories
Photos: Global Switch opens Sydney East data centre
First stage opened, to some fanfare.
 
ATO releases long-awaited Bitcoin guidance
Everyday investors escape the tax man.
 
Why the Weather Bureau’s new supercomputer is a 'gamechanger'
IT transformation starts to reap results.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Run a small business in western Sydney?
Aug 15, 2014
This event might be of interest if you're looking to meet other people with a similar interest ...
Buying a tablet? Microsoft's Surface Pro 3 goes on sale this month
Aug 8, 2014
Microsoft has announced its Surface Pro 3 will go on sale in Australia on 28 August from ...
Apple's top MacBook Pro with Retina is now cheaper
Aug 1, 2014
Apple has updated its MacBook Pro range with faster processors and new pricing, including ...
Pass on carbon tax savings, warns ACCC
Jul 24, 2014
The ACCC is warning businesses that supply "regulated goods" to pass on any cost savings ...
Have customers that won't pay debts?
Jul 10, 2014
The ACCC and ASIC have updated their advice when it comes to collecting debts.
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  67%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  12%
 
Denial of service attacks
  7%
 
Insider threats
  11%
TOTAL VOTES: 470

Vote