
A report into the state of internet security has found patching is still woefully poor among computer users.
Of the top ten exploited vulnerabilities in M86 Security’s analysis of the first half of 2010, only one had been patched this year, while one fix was issued in 2006 and the majority were at least two years old. Half of the flaws were in Microsoft products, namely Internet Explorer, Access Snapshot and video streaming controls.
“The attackers go for low hanging fruit,” Bradley Anstis, vice president of Technology, told V3.co.uk.
The level of client vulnerabilities and the differing access needs of users make it difficult for IT departments to run a coherent patching strategy, and make locking down users an imperfect solution. Ideally, almost no users should have admin access available, but this was seldom realistic, he said.
“Ideally is a great word: Ideally people shouldn’t be logging on as admin, ideally should be closing things down as soon as possible but there’s other issues.”
Hackers are also getting increasingly smart about hampering attempts to block their code, the report finds. It details a new attack that uses JavaScript in conjunction with Adobe’s ActionScript software and sets up a communications channel via Flash, so that only half of the attack code is exposed.
