Malicious hackers or malware that exploit vulnerabilities in software or services before they can be patched — so-called “zero-day vulnerabilities” — account for less than 1 percent of computer attacks worldwide, according to a Microsoft report released Tuesday.
Indeed, 99 percent of all attacks in the first half of 2011 distributed malware through familiar techniques like social engineering — trying to trick people into divulging confidential information (phishing is an example) — or through vulnerabilities for which updates or patches exist. About 90 percent of vulnerabilities exploited had security updates or patches available for more than a year.
That’s according to Microsoft’s latest Security Intelligence Report, which pulls data from some 600 million systems in more than a hundred countries or regions. The company releases the report twice a year.
Microsoft also released eight security updates this week, including two critical ones for Internet Explorer and for .NET Framework and Silverlight.