This article was published on November 2, 2012

Microsoft’s security team is killing it: Not one product on Kaspersky’s top 10 vulnerabilities list


Microsoft’s security team is killing it: Not one product on Kaspersky’s top 10 vulnerabilities list

Security firm Kaspersky has released its latest IT Threat Evolution report. There were some interesting findings in the report, as always, but the most interesting thing that stuck out was all the way at the bottom:

Microsoft products no longer feature among the Top 10 products with vulnerabilities. This is because the automatic updates mechanism has now been well developed in recent versions of Windows OS.

I can hear the Microsoft haters crying foul all across the globe. Yet it’s true. Here are the top 10 vulnerabilities for the third quarter, according to Kaspersky:

  1. Oracle Java Multiple Vulnerabilities: DoS-attack (Gain access to a system and execute arbitrary code with local user privileges) and Cross-Site Scripting (Gain access to sensitive data). Highly Critical.
  2. Oracle Java Three Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Extremely Critical.
  3. Adobe Flash Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Gain access to sensitive data. Highly Critical.
  4. Adobe Flash Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Bypass security systems. Highly Critical.
  5. Adobe Reader/Acrobat Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Extremely Critical.
  6. Apple QuickTime Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
  7. Apple iTunes Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
  8. Winamp AVI / IT File Processing Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
  9. Adobe Shockwave Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
  10. Adobe Flash Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Bypass security systems. Gain access to sensitive data. Extremely Critical.

The rankings are based on the percentage of users whose computers had the vulnerability in question. In other words, unpatched and old software, or just poor software in the first place.

A few years ago, Microsoft would be all over the list, but starting with the release of Windows Vista, the company has seriously cleaned up its act. Windows 7 builds on that, and Windows 8 takes it yet another step forward. Windows is still highly targeted due to its market share: 0-days for Windows 8 allegedly already exist.

If you’re looking at that list above and demanding for some juicy security figures, this list of findings is for you:

  • 28 percent of all mobile devices attacked run Android OS version 2.3.6, which was released in September 2011.
  • 56 percent of exploits blocked in Q3 use Java vulnerabilities.
  • A total of 91.9 million URLs serving malicious code were detected, a 3% increase compared to Q2 2012.

That second one is brutal. It’s exactly why you shouldn’t have Java installed, unless you absolutely need it.

See also – Security companies are recommending you disable Java, or just uninstall it and IE9 passes 20% market share, Firefox falls below 20%, Chrome loses users second month in a row

Image credit: Miguel Saavedra

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with


Published
Back to top