April 21, 2010 by Andy Russell
A hole in Microsoft’s Windows Server Message Block Protocol was found to be the most attacked vulnerability in 2009 according to a Symantec report released earlier this week.
This was followed by holes found in Adobe Reader and Flash Player and perhaps unsurprisingly; Internet Explorer 7 and Windows MPEG2 ActiveX control.
Suspicious PDF file downloads were the top method for web based attacks representing nearly half of them. The report also found 6 attacks on Internet Explorer, 1 targeting Adobe’s Shockwave Flash and 2 that targeted MPEG2 ActiveX controls.
Although Internet Explorer was the most attacked browser it only had 45 reported vulnerabilities whereas Mozilla’s Firefox had 169, this shows that attacks are often based on the availability of a programs exploit code.
Surprisingly only one browser has less vulnerabilities found than Internet Explorer; the new kid on the block Opera only had 25, with Apple’s Safari showing 94 and Google’s Chrome had 46 found.
All of the browsers had fairly similar windows of exposure which worked out to be roughly 1 day. This refers to the timescale between when an exploit code affecting a vulnerability id made public and when it is patched.
Chrome and Safari showed the worst results in this with Chrome taking 2 days and Safari taking its time with 13 days.
The report would appear to have shown negatives for all of the browsers but the prevailing story will inevitably be the validation of just how vulnerable Microsoft’s Internet Explorer really is.
Related posts:
