Microsoft Security Intelligence Report 2H06

This week at RSA Japan, Microsoft published its second Security Intelligence Report, covering the 2nd half of 2006.   Similar to the first document from last year, this one provides a lot of information about malware trends as observed by the internal Microsoft team from results of Windows Defender, the Malicious Software Removal Tool, OneCare and the Microsoft Exchange Hosted Filtering service.  All good stuff.

Additionally, Microsoft has added a vulnerability trends section to the document this time, and as one of the primary contributors, I want to promote it a bit.

You can download the full report here.

To entice you, here are a few of the highlight charts.

This first figure charts the growth of total vulnerabilities disclosed over the past 7 years, showing that over 40% more vulnerabilities were disclosed in 2006 than 2005 and that there were more vulnerabilities in each half-year of 2006 than in any year up through 2004.

This second figure charts the National Vulnerability Database’s (https://nvd.nist.gov) assessment of whether each vulnerability is either “easy” or “complex” to exploit.  Note that there was a much higher percentage of complex to exploit issues disclosed in 2006, a sign of the growing maturity of the security research industry, IMO.

That’s just a peek, so if you find these interesting, you may want to download the full report.