A new report from Microsoft reveals that disclosure of high-risk vulnerabilities is steadily increasing. However, public availability of associated exploit code for Microsoft products is declining.
In its bi-annual "Microsoft Security Intelligence Report," the company reports that "During 2006, 29.3 percent of known vulnerabilities announced in Microsoft products had publicly available exploit code. While as of August 1, 2007, only 20.9 percent of known vulnerabilities had publicly available exploit code."
The company also said that there has been a 500 percent increase in Trojans that either download malicious code or drop malicious code onto an affected computer. The code typically tries to install keystroke loggers, steal passwords, and steal private banking information.
Email-based threats remain constant, with worms being the most prevalent problem and phishing scams coming in at a close second place.
Not so surprising is the data gathered by Microsoft's Malicious Software Removal Tool (MSRT), which shows that malware infection rates among Windows Vista and Windows XP systems are significantly lower than infection rates among older Windows platforms. As might be suspected, infection rates among Vista systems remain the lowest of all Windows operating systems, while Windows XP without any service packs installed becomes infected more often than other Windows platforms.