Microsoft's Buggin' Report

Bug Tuesdays, holiday 'greetings,' and recycled WMF exploits dominated the second half of '06

April 25, 2007

2 Min Read
Network Computing logo

3:50 PM -- Amid the flurry of security-vendor malware reports the past few days came Microsoft's Security Intelligence Report yesterday, for the second half of last year. Microsoft Corp. (Nasdaq: MSFT) has now expanded the report from just malware data to publicly disclosed software vulnerabilities as well.

The data was gleaned from several hundred million Windows users, via Microsoft's Windows Malicious Software Removal Tool and Windows Defender. Here are some interesting tidbits from the report, which covers July 1-December 31, 2006. (Oh, and this data doesn't include the new Windows Vista -- see you next year on that.)

  • The number of disclosed bugs for 2006 was up 41 percent over the previous year for that period, and there were more bugs reported in the second half of 2006 than there were in any one year between 2000 and 2004.

  • Hackers love the holidays: December 2006 was the most active for disclosures (642) -- mostly during the week between Christmas and New Year's Day.

  • Disclosures take off the weekend: over 90 percent of bug disclosure came between Monday and Friday, and Tuesday is the busiest of those days -- yes, even excluding Microsoft's Patch Tuesday reports.

  • Hackers are getting more sophisticated, and they have better tools: Over 15 percent of the total vulnerabilities last year were "complex to exploit," up from 5 percent.

  • There were over 3,700 distinct WMF files exploiting this already-patched vulnerability.

  • The bull's eye is on applications now.

  • Win32/Zlob was the number one detected malware family.

  • Adware is still the number one unwanted software: There were 16.7 million detections of this unwanted software.

  • Remote control and monitoring software detections were up by 277 percent and 135 percent, respectively, from the first half of '06 to the second half.

  • Windows Defender found over 38 million pieces of "potentially" unwanted software.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Nextgen network management
Network Management
Nextgen Network Management: What’s Next and Are We Ready?Nextgen Network Management: What’s Next and Are We Ready?
byMary E. Shacklett, President, Transworld Data
May 27, 2024
4 Min Read
SASE Explained: Definition, Benefits, and Best Practice
SASE Networking
SASE Explained: Definition, Benefits, and Best PracticeSASE Explained: Definition, Benefits, and Best Practice
bySalvatore Salamone, Managing Editor, Network Computing
May 1, 2023
22 Min Read
NaaS 2024: A Look at the Future of Network Services
Network Infrastructure
NaaS 2024: A Look at the Future of Network ServicesNaaS 2024: A Look at the Future of Network Services
byPascal Menezes, MEF
Mar 22, 2024
5 Min Read
Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat