600 Security Vulnerabilities in Q1 2005
By Nate Mook | Published May 2, 2005, 5:04 PM
According to a study published Monday by the SANS Institute, more than 600 new security vulnerabilities cropped up in the first three months of 2005. Although Microsoft leads the top 20 most critical security issues, hackers are turning their attention to third-party software such as media players and databases.
Vulnerabilities in Internet Explorer, Windows Logon and Microsoft's PNG file handling topped the new list, although Computer Associates and antivirus software from McAfee, Trend Micro, Symantec and more were also susceptible to attack.
"These critical vulnerabilities are widespread and many of them are being exploited, right now, in our homes and in our offices," said Alan Paller, director of research for the SANS Institute. "We're publishing this list as a red flag for individuals as well as IT departments."
Media players have also become a way for attackers to compromise a system. Windows Media Player, RealPlayer, Apple's iTunes, and Winamp were each open to buffer overflow vulnerabilities in 2005, with the flaws being exploited in the wild.
SANS says the new list represents only security vulnerabilities found or patched in Q1 2005. Although SANS usually issues a yearly Top20 list, the group has moved to quarterly updates to aid organizations in recognizing potential security issues that could affect them.
"Too many people are unaware of these vulnerabilities, or mistakenly believe their computers are protected," said Paller.
This is not news. This is pointing out the obvious. As long as there is network-enabled software, there are vulnerabilities. And where there are vulnerabilities, there are exploits waiting to be found... and subsequently patched... and then found again... ad nauseam.
Of course we're going to see the number of vulnerabilities rise! More and more people are on the internet every day using more and more applications, finding more and more problems.
The key here is awareness. Don't assume you are safe because you have the latest version.
BAM!
Score: 0
You're right not to assume you are safe because you have the newest version, but getting the newest version can make you safe for a period of time. Chances are most of the flaws are fixed (of course causing others), but by then they are exploited. A new version install fixes that UNTIL the new exploit. There is a buffer time that can make you feel more safe when upgrading.
Score: 0
So true, not news. And why is Microsoft at the top of the list? Because its software is in more homes and businesses than any other. Why Norton and McAfee? Because they too are.
On the other hand, I think that SANS report would be a bit behind in publishing their list annually due to the fact that these vulnerabilities would have already been patched by the above mentioned companies (most likely). If this report is to let others know, then finding an avenue other than technical journals and internet sites would be the answer.
IMO . . . security updates from MS or Norton and McAfee should be something that is handed out in a brochure, or told by the sales representative, when the computer is purchased.
Score: 0