Automated Patching Helping Zero-Day Exploits
Latest SANS Institute top 20 list puts IE and Office squarely in hackers crosshairs. Are efforts to protect them fueling the rise?
Windows applications continue to be key targets for hackers, according to the latest Top 20 list of Internet security vulnerabilities from The SANS Institute.
The number one spot on the information security training and certification group's list belongs to Microsoft's Internet Explorer. However, the report also highlighted zero-day vulnerabilities and attacks that go beyond Internet Explorer as the number one trend in its 2006 update.
The zero-day exploits are a key trend in the modern threat landscape and it's one that is becoming increasingly difficult to spot.
The way not to get noticed is by using attacks that haven't been discovered yet, and for which there is no means of defense, which, by definition, is a zero-day attack.
"While we've known about the phenomenon for years, here in 2006 we're seeing it actively used on the internet and the amount of activity will continue to increase," Sachs said.
According to the report, vulnerabilities in the Microsoft Office suite tripled compared to 2005. The report cited some 45 critical vulnerabilities found in MS Office products, nine of which were flagged as being zero-day exploits.