Zero-Day Vulnerabilities Nearly Double in 2014

Zero-day vulnerabilities nearly doubled last year to 25 up from 14 in 2013. That's according to a new report from IT security software provider Secunia that looks at vulnerabilities. Here are the details about what else the report shows.

Dan Kobialka, Contributing writer

March 25, 2015

2 Min Read
Kasper Lindgaard Secunia39s director of research and security
Kasper Lindgaard, Secunia's director of research and security

Zero-day vulnerabilities nearly doubled last year to 25 up from 14 in 2013. That’s according to a new report from IT security software provider Secunia.

The Microsoft (MSFT) Internet Explorer exploit used in Operation Clandestine Fox, Heartbleed and CCS Injection were three zero-day vulnerabilities that affected both managed service providers (MSPs) and their customers in 2014.

What’s more, the report shows that 80 percent of all zero-day vulnerabilities were discovered in the 25 most popular products (Microsoft applications, non-Microsoft applications and operating systems).

Other Secunia findings included:

  • In 2014, 15,435 security vulnerabilities were discovered in 3,870 products from 500 vendors. 

  • 1,348 security vulnerabilities were discovered in 18 products in the top 50 most popular applications on private PCs.

  • 1,035 security vulnerabilities were found in the five most popular web browsers: Google Chrome, Mozilla Firefox, Internet Explorer, Opera and Safari.

  • 45 security vulnerabilities were found in the five most popular PDF readers: Adobe Reader, Foxit Reader, PDF-XChange Viewer, Sumatra PDF and Nitro PDF Reader.

  • The number of security vulnerabilities rose 18 percent year over year and 55 percent over the past five years. Also, the number of vulnerable products increased 22 percent year over year.

So how can MSPs help customers eliminate security vulnerabilities? Kasper Lindgaard, Secunia’s director of research and security, pointed out that businesses need “to stay on top of their environment.”

“IT teams need to have complete visibility of the applications that are in use, and they need firm policies and procedures in place, in order to deal with the vulnerabilities as they are disclosed,” he said in a prepared statement.

The annual “Secunia Vulnerability Review” provides global data on the prevalence of security vulnerabilities.

Full “Secunia Vulnerability Review 2015” results are available for download here.

What are your thoughts on Secunia’s new report? Share your thoughts about this story in the Comments section below, via Twitter @dkobialka or email me at [email protected].

Read more about:

AgentsMSPsVARs/SIsMSP 501

About the Author

Dan Kobialka

Dan Kobialka

Contributing writer, Penton Technology

Dan Kobialka is a contributing writer for MSPmentor and Talkin' Cloud. In the past, he has produced content for numerous print and online publications, including the Boston Business Journal, Boston Herald and Patch.com. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State College (now Bridgewater State University). In his free time, Kobialka enjoys jogging, traveling, playing sports, touring breweries and watching football (Go Patriots!).  

See more from Dan Kobialka
Free Newsletters for the Channel
Register for Your Free Newsletter Now
Subscribe

You May Also Like

Galleries
See all
Mar 24 - Mar 27, 2025
The Channel Partners Conference & Expo, co-located with MSP Summit, is the gathering place for the technology services community. Agents, VARs, MSPs, integrators and service providers will converge to share ideas and drive discussion on the topics shaping our industry.
REGISTER NOW