Microsoft Security: An Upsurge in Application Vulnerabilities
From 2009 until earlier this year, Microsoft applications were logging a steady decrease in security vulnerabilities. But starting earlier this year, Microsoft security has hit a bump in the road. Application vulnerabilities are on the upswing.
By no means are the vulnerabilities all intrinsic to Microsoft's own product modules. Java exploits rank high among reported security issues, reflecting a serious ongoing problem with Java security. But so long as Microsoft applications provide access to Java, Java's problems are Microsoft's headaches.
And since Microsoft remains a massive presence in computing at midsize firms, Microsoft's problems remain IT's headaches at these firms.
Once upon a time, security problems with Microsoft products were a byword in the tech world. In more recent times, the company's security reputation has improved greatly. There has been a steady drop in vulnerabilities reported since 2009.
But precisely because Redmond's products are so widely used in business, they remain popular targets for hackers. And as Lucian Constantin reports at InfoWorld, the bad news about Microsoft applications came in a recently released Microsoft Security Intelligence Report (SIR).
According to the SIR, which contains security analysis and intelligence covering 105 countries, application vulnerabilities accounted for some 70 percent of all reported vulnerabilities. These were the main contributor to an 11.3 percent increase from the second half of 2011. Browser vulnerabilities also spiked, while operating system vulnerabilities continued to decline.
"Blacole" exploits, contained in the Blackhole exploit kit, were the most common exploits, followed by Java exploits.
A Rise in Cyber Threats?
Neither the InfoWorld piece nor the underlying Microsoft SIR ventured an explanation for the increase in reported vulnerabilities after a period of steady improvement. But many other news reports in recent months have pointed toward a new and more sophisticated wave of security threats.
These new threats range from politically motivated "hactivists" to organized crime rings and "state-sponsored" hackers affiliated with national intelligence agencies. Taken together they mean that the familiar image of teenage hackers out for cyber thrills is more and more out of date.
And for IT managers at midsize firms, the message is that security threats are growing in scope and sophistication. Major vendors' products are by no means immune from these threats. Promptly applying updates is the single most effective measure of defense.
But overall, the Microsoft SIR is a sobering reminder to the IT community that security threats are increasing. Complacency could be a fast road to a serious security breach.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.