The media – and indeed many parts of the security industry – just looove zero-day exploits. They are exciting to report, to research, to block… but, interestingly, SophosLabs sees far more malware exploiting vulnerabilities for which a patch has already been released.
I know – it’s a bit weird. Why would malware authors bother to target a vulnerability for which a patch is already available for download…for free? Surely, it would be a lost cause, a dud, a lemon, a non-starter.
Alas, many people – and companies – don’t get around to patching. And I just don’t get why. If I cut myself, I put a plaster on it so I don’t bleed all over the place. A no-brainer. Isn’t patching security vulnerabilities in the same boat?
To illustrate the importance of patching, our very own Mister Paul Baccas, SophosLabs’ malware researcher extraordinaire, has just released a technical paper (and I do mean technical) on this very topic, which you can download as a PDF.
He focuses on a specific Microsoft patch, namely MS10-087, released to address the vulnerability CVE-2010-3333 (RTF Stack Buffer Overflow Vulnerability). The patch was released way back in November 2010, and his paper tracks the constantly evolving exploits that have been hammering away at unpatched systems.
And with malware authors continually fuzzing the file format to try to evade detection by security software, the end is by no means in sight. Just look at how many distinct exploits we have seen for this single, long-patched vulnerability:
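To make the "fuzzing the file format to evade detection" point concrete, here is a small RTF triage scanner. It is an added example written for this post, not code from Paul's paper or from SophosLabs; the thresholds, the three sample documents and the filler payload are constructed for illustration, and the control-word name pFragments used in the samples comes from public analysis of CVE-2010-3333 rather than from this post. Instead of matching a fixed byte signature (which a trivially mutated sample sidesteps), the scanner tokenises the RTF, normalises the data following each control word, and measures the longest hex run it carries, so a payload split up with newlines and empty {} groups is measured the same as the plain one.

```python
"""Triage scanner for RTF files (added example, not Sophos code).

It flags control words whose data is an abnormally large hex blob, which is the
generic shape of an RTF-parser stack buffer overflow, and a few cheap tells such
as the truncated "{\\rt" header and over-long control words. Thresholds are
assumptions chosen for this demonstration, not values from the paper.
"""
import re

# RTF tokeniser: control word (+ optional numeric parameter and delimiter space),
# control symbol, group brace, or a run of plain text (hex payloads live in text).
TOKEN = re.compile(
    rb"\\([A-Za-z]+)(-?\d+)? ?"   # group 1-2: control word, parameter
    rb"|\\([^A-Za-z])"            # group 3:   control symbol such as \' or \*
    rb"|([{}])"                   # group 4:   group open / close
    rb"|([^\\{}]+)",              # group 5:   plain text
    re.DOTALL,
)
HEX_RUN = re.compile(rb"[0-9A-Fa-f]+")
MAX_HEX = 512   # assumed: longest hex run a control word legitimately carries
MAX_CW_LEN = 32  # the RTF specification caps control-word names at 32 letters


def scan_rtf(doc: bytes, max_hex: int = MAX_HEX) -> list:
    """Return (kind, detail, size) findings; an empty list means nothing suspicious."""
    findings = []
    if not doc.startswith(b"{\\rtf1"):
        # Exploit documents often use a truncated header; Word still opens them.
        findings.append(("odd-header", doc[:6].decode("latin-1"), len(doc)))
    current, buf = None, []

    def flush():
        if current is None:
            return
        # Fuzzed variants break the hex up with whitespace and empty {} groups;
        # normalise before measuring so every variant collapses to one size.
        joined = re.sub(rb"\s+", b"", b"".join(buf))
        longest = max((len(r) for r in HEX_RUN.findall(joined)), default=0)
        if longest > max_hex:
            findings.append(("oversized-hex", current, longest))
        buf.clear()

    for m in TOKEN.finditer(doc):
        word, _param, _sym, _brace, text = m.groups()
        if word is not None:
            flush()                      # a new control word ends the previous data run
            current = word.decode("ascii")
            if len(word) > MAX_CW_LEN:
                findings.append(("long-control-word", current, len(word)))
        elif text is not None:
            buf.append(text)             # braces and control symbols do not end the run
    flush()
    return findings


def is_suspicious(doc: bytes) -> bool:
    return any(kind == "oversized-hex" for kind, _, _ in scan_rtf(doc))


# Constructed samples. PAYLOAD is inert filler ("A" bytes), not shellcode.
PAYLOAD = b"41" * 600
BENIGN = b"{\\rtf1\\ansi\\deff0{\\fonttbl{\\f0 Arial;}}\\f0\\fs24 Hello world.\\par}"
# Generic shape of a drawing-object property handed an oversized hex value.
PLAIN = b"{\\rt\\ansi{\\shp{\\sp{\\sn pFragments}{\\sv 1;4;" + PAYLOAD + b"}}}}"
# Same payload "fuzzed": split every 8 hex chars with CRLF and an empty group.
_chunks = [PAYLOAD[i:i + 8] for i in range(0, len(PAYLOAD), 8)]
FUZZED = (b"{\\rt\\ansi{\\shp{\\sp{\\sn pFragments}{\\sv 1;4;"
          + b"\r\n{}".join(_chunks) + b"}}}}")

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("plain", PLAIN), ("fuzzed", FUZZED)):
        print(name, scan_rtf(sample))
```

The measurement survives the mutations a byte signature does not, which is the practical argument the post makes: the exploit keeps changing, the patch does not, so installing the patch is the control that actually closes the hole.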

So, the lesson is simple. We all need to patch in a timely manner. Don’t believe me? Check out Paul’s paper to see a snapshot of just how far the bad guys are willing to go to take advantage of those of us who don’t get around to patching.
‘Nuff said.
For a less nerdy explanation of Paul’s research than his technical paper, listen to this podcast where Chester Wisniewski interviews Paul for the layman’s view of his results.
(7 February 2012, duration 11:50 minutes, size 11.4 MBytes)
Oh so true!
%windir%\system32\wuapp.exe
I have this as a desktop shortcut because I am lazy & so checking for updates is easy for me.
And let's not forget: http://secunia.com/vulnerability_scanning/online/
Updating really is important, you're correct.
Perhaps it is a bit misleading to show a graph giving the *cumulative* number of exploits … which guarantees that the curve will never go down.
Perhaps it would be better to show a graph giving the number of *new* exploits for each week?
The PDF has a graph by day :)
I was recently caught out… I did not realise that my Windows Update was failing… the update process did NOT warn me.
I just assumed I was OK. After checking the logs, I realised I had no updates for nearly six months!!
It turned out to be my RAID driver somehow causing windows update to silently fail :( (turns out to be a known issue for my motherboard/RAID config)
Sounds crazy, but it's not always obvious when something _doesn't_ happen.