SANS releases Q205 Report

#135 Multiple Products from Microsoft, Back-up Products from Symantec/Veritas and Computer Associates, plus iTunes and other Media Players Cited in this Second Quarter Update.

More than 422 new Internet security vulnerabilities were discovered during the second quarter of 2005, according to SANS Institute and a team of experts from industry and government. This group has isolated the Top-20 (www.sans.org/top20/) most critical vulnerabilities disclosed in Q2 that that need to be addressed through patching and other defensive actions. Individuals and organizations that do not correct these problems face a heightened threat that remote, unauthorized hackers will take control of their computers and use them for identity theft, for industrial espionage, or for distributing spam or pornography.

To be included on the new quarterly update, vulnerabilities must meet five requirements: (1) they affect a large number of users, (2) they have not been patched on a substantial number of systems, (3) they allow computers to be taken over by a remote, unauthorized user, (4) sufficient details about the vulnerabilities have been posted to the Internet to enable attackers to exploit them, and (5) they were discovered or first patched during the second three months of 2005.

The 422 new vulnerabilities discovered or reported during Q2 2005 represent an increase of 10.8% from the first quarter of 2005 (381) and an increase of nearly 20% from the second quarter of 2004 (352).