600 Security Vulnerabilities in Q1 2005

By Nate Mook | Published May 2, 2005, 5:04 PM

According to a study published Monday by the SANS Institute, more than 600 new security vulnerabilities cropped up in the first three months of 2005. Although Microsoft leads the top 20 most critical security issues, hackers are turning their attention to third-party software such as media players and databases.

Vulnerabilities in Internet Explorer, Windows Logon and Microsoft's PNG file handling topped the new list, although Computer Associates and antivirus software from McAfee, Trend Micro, Symantec and more were also susceptible to attack.

"These critical vulnerabilities are widespread and many of them are being exploited, right now, in our homes and in our offices," said Alan Paller, director of research for the SANS Institute. "We're publishing this list as a red flag for individuals as well as IT departments."

Media players have also become a way for attackers to compromise a system. Windows Media Player, RealPlayer, Apple's iTunes, and Winamp were each open to buffer overflow vulnerabilities in 2005, with the flaws being exploited in the wild.

SANS says the new list represents only security vulnerabilities found or patched in Q1 2005. Although SANS usually issues a yearly Top20 list, the group has moved to quarterly updates to aid organizations in recognizing potential security issues that could affect them.

"Too many people are unaware of these vulnerabilities, or mistakenly believe their computers are protected," said Paller.

Comments

This is not news. This is pointing out the obvious. As long as there is network-enabled software, there are vulnerabilities. And where there are vulnerabilities, there are exploits waiting to be found... and subsequently patched... and then found again... ad nauseam.

Of course we're going to see the number of vulnerabilities rise! More and more people are on the internet every day using more and more applications, finding more and more problems.

The key here is awareness. Don't assume you are safe because you have the latest version.

BAM!

Score: 0

You're right not to assume you are safe because you have the newest version, but getting the newest version can make you safe for a period of time. Chances are most of the flaws are fixed (of course causing others), but by then they are exploited. A new version install fixes that UNTIL the new exploit. There is a buffer time that can make you feel more safe when upgrading.

Score: 0

So true, not news. And why is Microsoft at the top of the list, because its software is in more homes and businesses than any other. Why Norton and McAfee, because they too are.

On the other hand, I think that SANS report would be a bit behind in publishing their list annually due to the fact that these vulnerabilities would have already been patched by the above mentioned companies (most likely). If this report is to let others know, then finding an avenue other than technical journals and internet sites would be the answer.

IMO . . . security updates from MS or Norton and McAfee should be something that is handed out in a brochure, or told by the sales representative, when the computer is purchased.

Score: 0
