Upgrade or die: Old vulnerabilities are prime targets

Anyone who remembers life before the Graphic User Interface can tell you that the older a system is the more vulnerable it becomes to infections, breakdowns and abuses of all kinds. Now, researchers at Fortinet have confirmed what you probably already suspect: The longer a vulnerability has been around the more likely it is to be exploited, and replacing unsupported legacy software is a good idea.

A recent white paper by security strategist Derek Manky examines attack patterns over the last 13 years and finds that despite a growing number of vulnerabilities being discovered over time, it is the older flaws that are the most popular targets.

Vulnerabilities that have been discovered since 2010 are barely being touched — fewer than half a million attacks a year — while 2003 apparently was a vintage year; there have been nearly 48 million attacks against vulnerabilities that were discovered then.

Related story:

Surprise: 57 percent admit to using pirated software

Bitter end: XP users grudgingly give way to Win 7

Overall, Windows XP is far and away the most popular target, with Vista coming in second. Windows 7 has barely been scratched.

Part of this is because of better software design, Manky wrote. It is harder to get a working rootkit for Windows 7 because it is better protected. It also is partly a matter of time. “The older the vulnerability, the more time there is for hackers to obtain the necessary code in order to create and execute successful attacks against users,” he wrote. Piracy also contributes to the problem, since unauthorized installations are not supported.

But mainly it is a result of a lack of adequate patch management, because these are all known vulnerabilities with fixes available. With the approaching end of life for the beloved XP, patching and updating will become more problematic. And with the imminent release of Windows 8, administrators are going to have to decide soon about upgrading to the newest — or at least a newer — version of the operating system.


About the Author

William Jackson is a Maryland-based freelance writer.


  • 2020 Government Innovation Awards
    Government Innovation Awards -

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected