by
EO
13. October 2011 04:42
With a collection of data from Internet services and over 600 million computers worldwide, the Microsoft Security Intelligence Report (SIR) exposes the threat landscape of exploits, vulnerabilities, and malware. Awareness of threats is a preventive step to help you protect your organization, software, and people.
Worldwide Threat Assessment is an analysis of the global impact while Regional Threat Assessment provides detailed telemetry by location. Protection methods appear in Managing Risk.
SIR volume 11 provides data from January to June 2011 and features the article “Zeroing In on Malware Propagation Methods”. Here’s the first paragraph from the article.
“Among the array of technical and non-technical mechanisms that malicious parties have at their disposal for attacking computers and stealing data, the zero-day vulnerability—a software vulnerability that is successfully exploited before the software vendor has published a security update addressing it—is especially significant for security professionals and attackers alike. Zero-day vulnerabilities—according to the conventional wisdom, at least—cannot be effectively defended against, and can arise at any time, leaving even security-conscious IT administrators essentially at their mercy. While technologies like Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) have been introduced to make it more difficult to reliably exploit software, and processes like the Secure Development Lifecycle (SDL) have been shown to reduce the incidence of software vulnerabilities, these vulnerabilities continue to capture the imagination.”
Download the SIR 11 PDF now @ the Microsoft download center.