contador pagina web Skip to content

more vulnerabilities per security bulletin

Security company Tripwire had fun analyzing Microsoft's Patch Tuesday. Every second Tuesday of each month, the Redmond company releases a series of security updates for its supported software products.

One finding of this analysis is that Microsoft integrates more vulnerabilities (the necessary for the correction) in fewer security bulletins. Tripwire explains this trend observed in 2014 by more and more security researchers who disclose vulnerabilities to Microsoft and discover them more quickly thanks to better tools.

The problem is that if white hat hackers find vulnerabilities more quickly, this is probably also the case for black hat hackers who obviously won't bother to warn Microsoft.

Patch-Tuesday-2014-trendNumber of vulnerabilities in red; number of safety bulletins in orange

In 2014, there were 28 critical safety bulletins published compared to 42 in 2013. Apparently good news which is offset by the previous finding. Internet Explorer alone accounted for 43% of the critical vulnerabilities of 2014.

For 2015, Tripwire anticipates that Microsoft will continue to integrate many vulnerabilities in each security bulletin and still with Internet Explorer at the top of the bill. Spartan are you there? But Tripwire also predicts a spike in out-of-cycle update releases.

Despite a 90-day grace period before public disclosure, an initiative such as Google's Project Zero is believed to be one of the causes of a rapid increase in Microsoft publications.