WELCOME TO THE CONTINUITY CENTRAL ARCHIVE SITE

Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

Zero-day threats may be exaggerated

Microsoft has published the ‘Microsoft Security Intelligence Report volume 11’, which attempts, according to the company, to put the zero-day threat into context.

The report says that less than one percent of exploits in the first half of 2011 were against zero-day vulnerabilities; software vulnerabilities that are successfully exploited before the vendor has published a security update or ‘patch’. In contrast, 99 percent of all attacks during the same period distributed malware through familiar techniques, such as social engineering and unpatched vulnerabilities.

User interaction, typically employing social-engineering techniques, is attributed to nearly half (45 percent) of all malware propagation in the first half of 2011 says the report. In addition, more than a third of all malware is spread through cybercriminal abuse of Win32/Autorun, a feature that automatically starts programs when external media, such as a CD or USB, are inserted into a computer. Ninety percent of infections that were attributed to vulnerability exploitation had a security update available from the software vendor for more than a year.

Read Microsoft Security Intelligence Report volume 11 (PDF)

•Date: 13th October 2011 • Region: World •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.
   

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here