The Microsoft Security Intelligence Report (Jan 2008 - June 2008) is available
The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows users, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications. The fifth volume of the report is now available: SIR Volume 5 (January through June 2008) and Key Findings Summary
The total number of unique vulnerability disclosures across the industry again decreased during the first half of 2008, down 4% from the second half of 2007 and down 19% from the first half of 2007.
In contrast to the decrease in total disclosures, vulnerabilities rated as High severity increased 13% with respect to the second half of 2007, with roughly 48% of all vulnerabilities receiving a rating of High severity. This is still a 28% decline from the first half of 2007.
Some remarkable facts : (see the report for more details)
· Microsoft Exchange Hosted Services blocked more than 90 percent of messages received over the Internet in 1H08, similar to the trend observed in 2H07.
· The percentage of vulnerabilities affecting core OS components has decreased significantly over the past five years and appears to have recently stabilized between 6 and 8 percent.
· 3% of All Disclosures are Microsoft Disclosures
· Comparing the latest service packs for each version, the infection rate of Windows Vista SP1 is 48.8 percent less than that of Windows XP SP3.
· Comparing the n-1 service packs for each version, the infection rate of the release to manufacturing (RTM) version of Windows Vista is 56.2 percent less than that of Windows XP SP2.
· Comparing the RTM versions of these operating systems, the infection rate of the RTM version of Windows Vista is 85.4 percent less than that of the RTM version of Windows XP.
Microsoft offers free prescriptive guides created by the Solution Accelerators – Security and Compliance team for IT professionals, in addition to security guidance organized by topic, product, and technology: ttp://www.microsoft.com/technet/security/guidance/default.mspx.
