Menu
Adobe Reader more secure after version 9

Adobe Reader more secure after version 9

But old versions hang on for a long time

Adobe Reader's automatic patching feature could at last be stemming the tide of attacks exploiting vulnerabilities in the PDF reader, the latest Top Cyber Security Risks Report from SANS and its partners has suggested.

Using vulnerability data from co-author Qualys, Acrobat version 9 has now achieved a patching 'half life' - the time it takes for patches to reach more than 50 per cent of affected systems - of around 15 days, similar to the 14.5 days for the Windows OS itself.

Versions 7 and 8, which lack the automatic updating fared far worse, with patching half lives of 65 days during 2009. Even after six months, the patching 'persistence' rate (the level of non-patching) was 45 per cent, falling to 40 per cent over following months.

As far as pre-version 9 versions are concerned, patching appears to be a low priority. PDF exploits, meanwhile, keep coming a rate that marks it out as a major security problem for companies and consumers alike.

50 per cent of Acrobat Reader installations still use the older versions of Acrobat.

More widely, old attack types are still unexpectedly prevalent, even years after they were first seen, and are still finding unpatched targets.

June of this year, in particular, saw a sudden spike in injection attacks on older SQL Server 2000 databases exploiting the long-ago XP_CMDSHELL vulnerability. Most of these originate in China, which appears to have a large population of unpatched SQL databases, and to a lesser extent the US.

Another ancient issue is SQL Slammer worm, with up 32 million detected attacks per month, almost all from Chinese systems against the education sector. More recent threats such as Conficker also continue to pester at significant levels, despite falling to lower levels in the first half of 2010.

The 2010 Top Cyber Security Risks Report, compiled by Qualys, HP TippingPoint DV Labs, The SANS Internet Storm Center can be downloaded from the DVLabs website.


Follow Us

Join the newsletter!

Or
Error: Please check your email address.

Tags securityadobePersonal Tech

Featured

Slideshows

Bumper channel crowd kicks off first After Hours of 2018

Bumper channel crowd kicks off first After Hours of 2018

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Jefferson in Auckland to kick-start 2018. Photos by Gino Demeer.

Bumper channel crowd kicks off first After Hours of 2018
Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Show Comments