A vulnerability is a security weakness found in a program or operating system that can leave computing systems susceptible to malware and open to attacks. When vulnerabilities are discovered, software vendors provide fixes—called patches—for their products.
Not all vulnerabilities are created equal. Some may have little impact if exploited by a criminal. But others can be devastating. As such, when issuing security advisories, software vendors include risk ratings based on the severity of the damage the exploited vulnerability may cause. In 2012, a third of the vulnerabilities addressed were given a “high” severity rating.
With the timely release of patches and regular updates to your antivirus security software, you ought to be safe. But the lag time between someone initially spotting the weakness and you applying the fix can expose your systems to infection.
Making matters worse, exploit kits designed to seek out vulnerabilities are widely available for purchase in the cybercriminal underground. An exploit kit is a web application that allows an attacker to take advantage of known vulnerabilities in popular applications such as Internet Explorer and Adobe Reader. The attacker typically gets away with it because the user’s computer has not been updated with the latest security patches.