Upgrade or die: Old vulnerabilities are prime targets

Anyone who remembers life before the graphical user interface can tell you that the older a system is, the more vulnerable it becomes to infections, breakdowns and abuses of all kinds. Now, researchers at Fortinet have confirmed what you probably already suspect: The longer a vulnerability has been around, the more likely it is to be exploited, and replacing unsupported legacy software is a good idea.

A recent white paper by security strategist Derek Manky examines attack patterns over the last 13 years and finds that despite a growing number of vulnerabilities being discovered over time, it is the older flaws that are the most popular targets.

Vulnerabilities that have been discovered since 2010 are barely being touched — fewer than half a million attacks a year — while 2003 apparently was a vintage year; there have been nearly 48 million attacks against vulnerabilities that were discovered then.


Overall, Windows XP is far and away the most popular target, with Vista coming in second. Windows 7 has barely been scratched.

Part of this is because of better software design, Manky wrote. It is harder to get a working rootkit for Windows 7 because it is better protected. It also is partly a matter of time. “The older the vulnerability, the more time there is for hackers to obtain the necessary code in order to create and execute successful attacks against users,” he wrote. Piracy also contributes to the problem, since unauthorized installations are not supported.

But mainly it is a result of a lack of adequate patch management, because these are all known vulnerabilities with fixes available. With the approaching end of life for the beloved XP, patching and updating will become more problematic. And with the imminent release of Windows 8, administrators are going to have to decide soon about upgrading to the newest — or at least a newer — version of the operating system.


About the Author

William Jackson is a Maryland-based freelance writer.

