In the past month November, Microsoft released only 2 Security bulletins, both of critical severity. However in late October, MSFT released a fix for potentially very exploitable vulnerability (MS08-067 RPC Server) out-of-band, in itself already an indication of its high severity and its potential to develop into an aggressively replicating worm. We took a look at patching trends related to this publicized vulnerability.
Specifically, we monitored between 200,000 and 300,000 scans per day. The graph above shows the trends.
Customer Patching Trends
We have used our vulnerability statistics capabilities to track the evolution of the vulnerabilities to see how Microsoft customers apply these patches.
- Unfortunately, no. The emergency patch (MS08-67) didn’t show erratic reductions in occurrences of vulnerabilities and it appears customers were patching at a normal rate.
- However, for the last week we see a fairly rapid reduction in vulnerability numbers indicating that after a large scale worm was announced and confirmed (Trend Micro mentions over 500,000 machines infected, Symantec mentions major activity in their honey nets), customers are stepping up their patch activity.
- Over the last month and a half we have seen the occurrence of MS08-067 drop from a high value of 8 to close to 2 this week, and overall 70% reduction.
MS08-067, 68 and 69 Trends
PLEASE NOTE: The information below is based off normalized data, the Y-axis represents the number of vulnerabilities identified / total number of scans. The X -axis represents the dates. Normalizing the data was required in order to fairly represent the data in a graphical form. If you use the graphic, please attribute to Qualys.