600 Security Vulnerabilities in Q1 2005

According to a study published Monday by the SANS Institute, more than 600 new security vulnerabilities cropped up in the first three months of 2005. Although Microsoft leads the top 20 most critical security issues, hackers are turning their attention to third party software such as media players and databases.

Vulnerabilities in Internet Explorer, Windows Logon and Microsoft's PNG file handling topped the new list, although Computer Associates and antivirus software from McAfee, Trend Micro, Symantec and more were also susceptible to attack.

"These critical vulnerabilities are widespread and many of them are being exploited, right now, in our homes and in our offices," said Alan Paller, director of research for the SANS Institute. "We're publishing this list as a red flag for individuals as well as IT departments."

Media players have also become a way for attackers to compromise a system. Windows Media Player, RealPlayer, Apple's iTunes, and Winamp were each open to buffer overflow vulnerabilities in 2005, with the flaws being exploited in the wild.

SANS says the new list represents only security vulnerabilities found or patched in Q1 2005. Although SANS usually issues a yearly Top20 list, the group has moved to quarterly updates to aid organizations in recognizing potential security issues that could affect them.

"Too many people are unaware of these vulnerabilities, or mistakenly believe their computers are protected," said Paller.