Microsoft's Buggin' Report

Bug Tuesdays, holiday 'greetings,' and recycled WMF exploits dominated the second half of '06

April 25, 2007

2 Min Read
Network Computing logo

3:50 PM -- Amid the flurry of security-vendor malware reports the past few days came Microsoft's Security Intelligence Report yesterday, for the second half of last year. Microsoft Corp. (Nasdaq: MSFT) has now expanded the report from just malware data to publicly disclosed software vulnerabilities as well.

The data was gleaned from several hundred million Windows users, via Microsoft's Windows Malicious Software Removal Tool and Windows Defender. Here are some interesting tidbits from the report, which covers July 1-December 31, 2006. (Oh, and this data doesn't include the new Windows Vista -- see you next year on that.)

  • The number of disclosed bugs for 2006 was up 41 percent over the previous year for that period, and there were more bugs reported in the second half of 2006 than there were in any one year between 2000 and 2004.

  • Hackers love the holidays: December 2006 was the most active for disclosures (642) -- mostly during the week between Christmas and New Year's Day.

  • Disclosures take off the weekend: over 90 percent of bug disclosure came between Monday and Friday, and Tuesday is the busiest of those days -- yes, even excluding Microsoft's Patch Tuesday reports.

  • Hackers are getting more sophisticated, and they have better tools: Over 15 percent of the total vulnerabilities last year were "complex to exploit," up from 5 percent.

  • There were over 3,700 distinct WMF files exploiting this already-patched vulnerability.

  • The bull's eye is on applications now.

  • Win32/Zlob was the number one detected malware family.

  • Adware is still the number one unwanted software: There were 16.7 million detections of this unwanted software.

  • Remote control and monitoring software detections were up by 277 percent and 135 percent, respectively, from the first half of '06 to the second half.

  • Windows Defender found over 38 million pieces of "potentially" unwanted software.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights