Upgrade or die: Old vulnerabilities are prime targets

Anyone who remembers life before the graphical user interface can tell you that the older a system is, the more vulnerable it becomes to infections, breakdowns and abuses of all kinds. Now, researchers at Fortinet have confirmed what you probably already suspect: The longer a vulnerability has been around, the more likely it is to be exploited, and replacing unsupported legacy software is a good idea.

A recent white paper by security strategist Derek Manky examines attack patterns over the last 13 years and finds that despite a growing number of vulnerabilities being discovered over time, it is the older flaws that are the most popular targets.

Vulnerabilities that have been discovered since 2010 are barely being touched — fewer than half a million attacks a year — while 2003 apparently was a vintage year; there have been nearly 48 million attacks against vulnerabilities that were discovered then.

Overall, Windows XP is far and away the most popular target, with Vista coming in second. Windows 7 has barely been scratched.

Part of this is because of better software design, Manky wrote. It is harder to get a working rootkit for Windows 7 because it is better protected. It also is partly a matter of time. “The older the vulnerability, the more time there is for hackers to obtain the necessary code in order to create and execute successful attacks against users,” he wrote. Piracy also contributes to the problem, since unauthorized installations are not supported.

But mainly it is a result of a lack of adequate patch management, because these are all known vulnerabilities with fixes available. With the approaching end of life for the beloved XP, patching and updating will become more problematic. And with the imminent release of Windows 8, administrators are going to have to decide soon about upgrading to the newest — or at least a newer — version of the operating system.


About the Author

William Jackson is a Maryland-based freelance writer.

