Security Report Shows Changing Threats

Application vulnerabilities remain high and browser-based exploits continue because many organizations have not applied updates, according to Microsoft’s latest Security Intelligence Report. Social engineering attacks that tempt or scare users into installing malicious software are also increasing. Organizations should make use of configuration management tools, upgrade to Internet Explorer (IE) 7, and educate users about the dangers of the latest threats. The report was released in Nov. 2008 and covers software vulnerabilities observed by Microsoft from Jan. to June 2008.

Applications Are Vulnerable

The Security Intelligence Report is a semiannual publication that analyzes occurrences and trends for disclosed software vulnerabilities, exploits, malicious software, and potentially unwanted software. The data are derived from many sources, such as the Common Vulnerabilities and Exposures Web site (maintained by the Mitre Corporation under sponsorship by the U.S. Department of Homeland Security), the National Vulnerability Database, security vendors, and Microsoft’s own security offerings. Microsoft’s tools, including the Malicious Software Removal Tool, Windows Defender, Windows Live OneCare, and Exchange Hosted Filtering, run on hundreds of millions of computers worldwide. The Security Intelligence Report reports the prevalence of security threats and is used by Microsoft to improve security in its products and services.