Why is a 14-month-old patched Microsoft vulnerability still being exploited?

Filed Under: Malware, Microsoft, PDF, Podcast, SophosLabs, Vulnerability

no-brainer signThe media - and indeed many parts of the security industry - just looove zero-day exploits. They are exciting to report, to research, to block...but interestingly, SophosLabs sees much more malware exploiting patched vulnerabilities.

I know - it's a bit weird. Why would malware authors bother to target a vulnerability for which a patch is already available for download...for free? Surely, it would be a lost cause, a dud, a lemon, a non-starter.

Alas, many people - and companies - don't get around to patching. And I just don't get why. If I cut myself, I put a plaster on it so I don't bleed all over the place. A no-brainer. Isn't patching security vulnerabilities in the same boat?

plastered fingerTo illustrate the importance of patching, our very own Mister Paul Baccas, SophosLabs' malware researcher extraordinaire, has just released a technical paper (and I do mean technical) on this very topic, which you can download as a PDF.

He focuses on a specific Microsoft patch, namely MS10-087, released to address the vulnerability CVE-2010-3333 (RTF Stack Buffer Overflow Vulnerability). The patch was released way back in November 2010, and his paper tracks the constantly evolving exploits that have been hammering away at unpatched systems.

And with malware authors continually fuzzing the file format to try and avoid detection from security software, the end is by no means in sight. Just take a look at how many exploits we have seen affecting this single patch vulnerability?

cumulative_number for exploits for CVE-2010-33332

So, the lesson is simple. We all need to patch in a timely manner. Don't believe me? Check out Paul's paper to see a snapshot of just how far the bad guys are willing to go so they can take advantage of those of us that don't get around to patching.

'Nuff said.

For a less nerdy explanation of Paul's research than his technical paper, listen to this podcast where Chester Wisniewski interviews Paul for the layman's view of his results.


(7 February 2012, duration 11:50 minutes, size 11.4 MBytes)

No-brainer sign image courtesy of ShutterStock
Fingers plaster image courtesy of ShutterStock

, , , , , , , , ,

You might like

4 Responses to Why is a 14-month-old patched Microsoft vulnerability still being exploited?

  1. CodeHook · 903 days ago

    Oh so true!

    %windir%system32wuapp.exe
    I have this as a desktop shortcut because I am lazy & so checking for updates is easy for me.

    And let's not forget: http://secunia.com/vulnerability_scanning/online/

    Updating really is important you're correct.

  2. Richard P · 902 days ago

    Perhaps it is a bit misleading to show a graph giving the *cumulative* number of exploits ... which guarantees that the curve will never go down.

    Perhaps it would be better to show a graph giving the number of *new* exploits for each week?

  3. chris clowne · 902 days ago

    I was recently caught out..I did not realise that my windows update was failing... the update process did NOT warn me.
    I just assumed I was OK. After checking the logs, I realised I had no updates for nearly six months!!
    It turned out to be my RAID driver somehow causing windows update to silently fail :( (turns out to be a known issue for my motherboard/RAID config)

    Sounds crazy, but it's not always obvious when something _doesn't_ happen.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Hi. I am a social, brand and communications expert with 10 years in senior roles in the tech space. I'm currently Sophos' s Global Director of Social Media and Communities. Proudest work achievement? Creating and launching award-winning Naked Security. Outside work, I am a mean cook, an avid reader, a chronic insomniac, a podcast obsessive and blogger .