Adobe Reader’s automatic patching feature could at last be stemming the tide of attacks exploiting vulnerabilities in the PDF reader, the latest Top Cyber Security Risks Report from SANS and its partners has suggested.
Using vulnerability data from co-author Qualys, Acrobat version 9 has now achieved a patching ‘half life’ – the time it takes for patches to reach more than 50 percent of affected systems – of around 15 days, similar to the 14.5 days for the Windows OS itself.
Versions 7 and 8, which lack the automatic updating fared far worse, with patching half lives of 65 days during 2009. Even after six months, the patching ‘persistence’ rate (the level of non-patching) was 45 percent, falling to 40 percent over following months.
As far as pre-version 9 versions are concerned, patching appears to be a low priority. PDF exploits, meanwhile, keep coming a rate that marks it out as a major security problem for companies and consumers alike.
Fifty percent of Acrobat Reader installations still use the older versions of Acrobat.
More widely, old attack types are still unexpectedly prevalent, even years after they were first seen, and are still finding unpatched targets.
June of this year, in particular, saw a sudden spike in injection attacks on older SQL Server 2000 databases exploiting the long-ago XP_CMDSHELL vulnerability. Most of these originate in China, which appears to have a large population of unpatched SQL databases, and to a lesser extent the US.
Another ancient issue is SQL Slammer worm, with up 32 million detected attacks per month, almost all from Chinese systems against the education sector. More recent threats such as Conficker also continue to pester at significant levels, despite falling to lower levels in the first half of 2010.
The 2010 Top Cyber Security Risks Report, compiled by Qualys, HP TippingPoint DV Labs, The SANS Internet Storm Center can be downloaded from the DVLabs website.