Microsoft Security Intelligence Report Volume 5 (January to June 2008)

  • Article

Security management is an important subject for everyone.  Every six-months the Microsoft Security Intelligence Report (SIR) is released.   It provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software.

The report uses data derived from hundreds of millions of Windows users, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications. The fifth volume of the report is now available:

Volume 5 Highlights

The total number of unique vulnerability disclosures across the industry again decreased during the first half of 2008, down 4% from the second half of 2007 and down 19% from the first half of 2007.

In contrast to the decrease in total disclosures, vulnerabilities rated as High severity increased 13% with respect to the second half of 2007, with roughly 48% of all vulnerabilities receiving a rating of High severity. This is still a 28% decline from the first half of 2007.

Sir v5 Histogram

Patterns of malware detected and removed by Microsoft security products varied across countries and regions, however trojan downloaders and droppers remained the most prevalent malware threat globally at over 30% of the worldwide total.

Sir v5 Graphic

As a general rule, infection rates tend to be higher in developing countries/regions than in developed countries/regions, as reported by the Malicious Software Removal Tool (MSRT). The following map illustrates the infection rates of locations around the world, expressed in a metric called CCM that represents the number of computers cleaned per thousand executions of the Malicious Software Removal Tool.

Sir v5 World map 

Key Findings:

  • Software Vulnerability Disclosures – across the industry, vulnerability disclosures fell 4%; operating system vulnerability disclosures are consistently less than 10% of the total disclosed; Microsoft’s share of the total vulnerabilities disclosed is less than 3% and trending downwards…
     
  • Software Vulnerability Exploits – Publicly available exploit code existed for 32% of Microsoft vulnerabilities disclosed in 1H08, but only 10% was reliable…
     
  • Browser-Based Exploits – BRAND NEW RESEARCH! Attack patterns against browser-based vulnerabilities differs greatly between Windows XP and Windows Vista; none of the top 10 browser-based attacks were against vulnerabilities in Microsoft software…
     
  • Security Breach Trends – Less than a quarter of security breaches reported during 1H08 resulted from hacking or virus attacks…
     
  • Malicious and Potentially Unwanted Software – Microsoft removed 43% more malware and potentially unwanted software from computers in 1H08 compared to 2H07; trojan downloaders and droppers still make up 30% of the total detected and removed worldwide; Windows Vista is consistently less infected at any service pack level than Windows XP – 64-bit editions and server editions of Windows are less infected again…
     
  • E-Mail Threats – 99.8% of emails blocked because of a file extension had an attachment with a .zip or .html extension…
     
  • Spam and Phishing Threats – more than 90% of mail sent across the internet is spam; pharmaceutical-themed spam is the most prevalent…
     

Visit the Microsoft Software Intelligence Report Website or download the full report: SIR Volume 5 (January through June 2008) and Key Findings Summary.

Further information and security resources:

  • BlogMS: Microsoft Security Team Blogs:  On the BlogMS Team Blogs and Feeds Directory you will find links to the main security team blogs where you can find useful up-to-date information.
     
  • Microsoft Security Central Website: Information for Home Users, IT Professionals, Developers, Businesses and details of key Microsoft Security Services including the Microsoft Security Response Center, Microsoft Malware Protection Center, Trustworthy Computing, Security Development Lifecycle.
     
  • Microsoft Security Development Lifecycle:  As part of its commitment to make the SDL more accessible to every developer, Microsoft is delivering three new programs and tools: discover the Microsoft SDL Pro Network, the Microsoft SDL Optimization Model, and the Microsoft SDL Threat Modeling Tool.