Serious security vulnerabilities are up by as much as 70%, but it is still too early to draw any conclusions.
Source: Mobilitistyle
Just as Bill Gates, the king of the Microsoft empire, “abdicated,” Microsoft faced a shocking report from McAfee.
According to the data collected by this security firm, in just the first five months of 2006, Microsoft had to patch 36 critical vulnerabilities in its software, a 70% increase compared to the same period last year.
However, in an email sent to vnunet, Microsoft insisted that the rise in serious vulnerabilities is not a “trend,” let alone a “worrisome trend” as feared by McAfee.
Microsoft further stated that their goal is to minimize the number of security vulnerabilities in their products, as they have successfully done with software like Windows Server 2003 and SQL Server 2005.
The software giant also dismissed speculation that competitions organized by security firms like iDefense and TippingPoint contributed to this surge in vulnerabilities.
iDefense regularly holds quarterly contests where vulnerability hunters can earn up to $10,000 for discovering any critical vulnerabilities. This quarter’s contest specifically targeted Microsoft products.
According to an iDefense spokesperson, this contest saw the highest number of vulnerabilities “caught” in the company’s history. Three of these vulnerabilities were recently patched by Microsoft in a security bulletin released last week. The individual who discovered the critical vulnerability in the ART image file format was awarded the $10,000 prize.
However, iDefense also agreed with Microsoft that it is too early to draw any conclusions about the “explosion” of security vulnerabilities in Microsoft software.
TippingPoint and iDefense are just two high-profile examples of organizations running vulnerability discovery contests, but it is believed that a thriving black market also exists in which such information is exchanged and traded. Criminals frequent these forums looking for ways to steal identities, commit fraud, and attack systems.
Tian Yi