Security Vulnerability Exploit

A vulnerability is a security weakness found in a program or operating system that can leave computing systems susceptible to malware and open to attacks. When vulnerabilities are discovered, software vendors provide fixes—called patches—for their products.

Not all vulnerabilities are created equal. Some may have little impact if exploited by a criminal. But others can be devastating. As such, when issuing security advisories, software vendors include risk ratings based on the severity of the damage the exploited vulnerability may cause. In 2012, a third of the vulnerabilities addressed were given a “high” severity rating.

  • Attackers in 2012 did not need to seek out new vulnerabilities, as most users failed to patch their systems anyway, meaning old vulnerabilities still worked. In fact, a three-year-old vulnerability, CVE-2009-3129 or MS09-067, was the third most exploited vulnerability in targeted attacks in April 2012.
  • The VOBFUS worm, which hit a number of computers in the latter part of 2012, uses the same vulnerability that Stuxnet originally used as far back as 2010.

With the timely release of patches, and regular updating of your antivirus security software, you ought to be safe. But the lag time between someone initially spotting the weakness, and you applying the fix, can expose your systems to infection.

Making matters worse, exploit kits designed to seek out vulnerabilities are widely available for purchase in the cybercriminal underground. An exploit kit is a web application that allows an attacker to take advantage of known vulnerabilities in popular applications such as Internet Explorer and Adobe Reader, and get away with it, typically because the user’s computer has not been updated with the latest security patches.

Before you become a victim of the next exploit, consider looking beyond free antivirus to more complete, multi-layered antivirus software that can protect against the broadest range of threats.

See what others are saying about Vulnerabilities:
= Link leaves this site.