internet security tHreAt rePOrt GOVernMent 2013
internet security tHreAt rePOrt GOVernMent 2013
internet security tHreAt rePOrt GOVernMent 2013
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
p. 140<br />
Symantec Corporation<br />
Internet Security Threat Report <strong>2013</strong> :: Volume 18<br />
VULNERABILITy TRENDS<br />
Figure D.3. Most Frequently Attacked Vulnerabilities in 2012<br />
Source: Symantec<br />
MILLIONS<br />
70<br />
60<br />
50<br />
40<br />
30<br />
20<br />
10<br />
62<br />
BID 31874<br />
BID Detail<br />
11 11 11 11<br />
BID 8234<br />
BID 10127<br />
BID 6005<br />
BID 8811<br />
BiD 31874 Microsoft Windows server service rPc Handling remote code execution Vulnerability<br />
BiD 8234 Microsoft Windows rPc service Denial of service Vulnerability<br />
BiD 10127 Microsoft Windows rPcss DcOM interface Denial of service Vulnerability<br />
BiD 6005 Microsoft Windows rPc service Denial of service Vulnerability<br />
BiD 8811 Microsoft Windows rPcss Multi-thread race condition Vulnerability<br />
Commentary<br />
• Actual number of new vulnerabilities reported is up,<br />
and trend is still upwards: The total number of new<br />
vulnerabilities reported in 2012 stood at 5,291. This figure<br />
works out to approximately 101 new vulnerabilities a<br />
week. Compared with the number from 2011, which was<br />
4,989, it represents an increase of 6 percent from that<br />
of 2011. We can see that the overall pattern is still on an<br />
upward trajectory. The number of vulnerabilities reported<br />
in January <strong>2013</strong> amounts to 503, which is more than the<br />
numbers reported in the same month last year.<br />
• The most often exploited vulnerabilities are not the<br />
newest: From observation of in-field telemetry, we can see<br />
that the most frequently used vulnerability in attacks is<br />
not the newest. Our data show that the most commonly<br />
attacked component by a wide margin is the Microsoft<br />
Windows RPC component. The attacks against this<br />
component are mostly using the Microsoft Windows Server<br />
Service RPC Handling Remote Code Execution Vulnerability<br />
(BID 31874 2 ). This vulnerability was first reported back in<br />
October 2008 and Symantec blocked 61.9 million attempts<br />
to exploit it in 2012. This figure represents 5.7 times the<br />
volume of the second most exploited vulnerability, the<br />
Microsoft Windows RPCSS DCOM Interface Denial of<br />
Service Vulnerability (BID 8234 3 ), from July 2003.<br />
• The next two most often used vulnerabilities are the<br />
Microsoft Windows RPCSS DCOM Interface Denial of