Flash Exploits Jump 40 Times in Q2 2011

Microsoft has just released vulnerability data collected from its Malicious Software Removal Tool (MSRT), Bing, Windows Live Hotmail, Forefront and Defender during the first half of this year.

There are few surprises, but there is a wealth of data that delivers the current state of computer security and vulnerabilities over 168 pages.

According to the report, java remains the most dangerous platform for security exploits as Microsoft detected more than 6 million cases during the first month of the year. Operating system exploits made a huge jump to more than 5 million due to a Windows shortcut flaw that was discovered in July of last year and heavily exploited by attackers. HTML and JavaScript exploits are next in line, followed by document reader exploits and Flash vulnerabilities. Microso said that Flash vulnerabilities are still uncommon, but increased substantially (more than 40x) from the first to the second quarter of the year.

Windows XP SP3 remains the most vulnerable OS among the currently still-supported Microsoft operating systems. The data released show that 10.9 of every 1000 Windows XP SP3 (32-bit) were infected during the first half of the year. In comparison, the number dropped to 8.8 for Vista SP1 32-bit (6.7 for 64-bit), to 5.7 for Vista SP2 (4.4 for 64-bit) to 4.0 for Windows 7 RTM (2.7 for 64-bit) and to 1.8 for Windows 7 SP1 (1.1 for 64-bit).

Malware is most commonly distributed via adware with a share near 24 percent, followed by "unwanted" software (20 percent) and trojans (18 percent), worms (12 percent) and trojan downloaders (10 percent). Spyware has become insignificant as a malware transportation vehicle.

Microsoft detected most of the malware infections in the U.S. (10.5 million in Q2). Brazil was second with 3.7 million and France third with 2.7 million compromised Windows systems.

Microsoft's Security Intelligence Report v11 can be downloaded from Microsoft's website.