Zero Day Flaws Overvalued Says New Microsoft Report

Attention given to previously unknown or “zero day” flaws may be overrated, according to research from Microsoft Corp. 

Attention given to previously unknown or “zero day” flaws may be overrated, according to research from Microsoft Corp. 

In an analysis, “Zeroing in on Malware Propagation Methods,” Microsoft follows the propagation of malware and how certain forms measure up against other vulnerability exploits. Microsoft examined infections reported by their Malicious Software Removal Tool (MSRT), given the tool’s range and its connection to Windows/Microsoft Update.

While the intent of Microsoft’s report isn’t to downplay Zero Day exploits, the company does suggest the attention they get is overblown.

Less than 1 percent of the infections reported came from zero-day vulnerabilities, 0.12 percent to be exact. The two vulnerabilities that accounted for most of that 0.12 percent, CVE-2011-0611 and CVE-2011-2110, affected Adobe’s Flash Player.

The remaining infections were propagated through social engineering, AutoRun exploitation, file infection and password attacks, according to the report.

Malware that relied on user interaction comprised 45 percent of the attacks measured while malware that exploited the system’s AutoRun feature comprised 43 percent, or more than a third of all detections. 26 percent of the attacks came from USB threats and 17 percent from the network, respectively.

Spanning well over 100 pages and drawing upon intelligence from 100+ countries, this year’s Security Intelligence Report evaluated vulnerability disclosures for the first half of 2011, January 1 through June 30.

When it comes to older vulnerabilities, the report suggests patch management is key going forward. Ninety percent of the recorded attacks are listed as Update Long Available, according to Vinny Gullotto, the general manager of Microsoft’s Malware Protection Center (MMPC). This means that there had been a security update available for each of the vulnerabilities for at least a year before the recorded infection. While it’s been made clear before that cybercriminals are consistently targeting old vulnerabilities, new numbers show its imperative is to keep old products patched.

Suggested articles