The number of known hardware and software vulnerabilities increased last year by a third over 2004, according to Internet Security Systems (ISS).

The company will use its stand at the Infosecurity Show to promote its answer to the issue, the “virtual patch”.

The data comes from the Threat Insight Quarterly report produced by the company’s X-Force division, and is based on 4,472 vulnerabilities noted during the year. Exploits for 3.13 percent of these appeared within 24 hours, with code being released for a further 9.38 percent within 2 days of the vulnerability being published.

In short, criminals are getting better at releasing exploit code during the official patching window, before systems have been patched.

ISS’s virtual patching is a technology for detecting attacks such as buffer and memory overflows using real-time deep packet inspection of network traffic. According to X-Force senior technology specialist James Rendell, the majority of vulnerabilities can be exploited using buffer overflow techniques. The technology is claimed to provide 100 percent protection against this class of vulnerability.

The company also sells a desktop protection agent to warn of attacks such as Trojans attempting to communicate from within the network to initiate further remote attacks.

“We are seeing an increase in zero-day exploits from hackers appearing at the same time the vulnerability is published,” said his colleague Gunter Ollman.

“This does not allow product developers the time to test and issue the necessary patches needed by the end users and enterprise administrators.”

ISS’s X-Force Threat Insight Quarterly report can be found on the company website.

ISS will be on stand 70.