By John Leyden
22nd November 2005
Bugs in anti-virus scanners and web-based applications joined flaws in
Microsoft and Cisco networking products in a list of the 20 most
serious vulnerabilities discovered this year.
The list  - compiled by the SANS Institute in co-operation with
security vendors such as Qualys and government agencies in the UK and
US - highlights the 20 most critical vulnerabilities currently facing
organisations. Vulnerabilities that are easy to exploit and where a
large number of unpatched systems existed were highlighted in the
report. In addition to identifying vulnerabilities in Windows and UNIX
systems, this year's Top-20 list also includes cross-platform
applications and networking products for the first time.
Various flaws in Internet Explorer and Microsoft Windows Services
(such as Plug and Play) make the top 20 list. These are joined by
anti-virus product glitches and back-up software. Vulnerabilities to
Oracle database and application software products also make the SANS
Top 20 list.
The flaws are all well-documented. The idea of the Top 20 is to draw
people's attention towards particularly serious problems that might
have been overlooked. Starting earlier this year, the SANS Institute
moved from an annual to quarterly update of its list, now into its
fifth year, to reflect the faster evolution of internet threats. It's
still doing the annual round-up though with this year's Top 20
launched in Europe at a high profile event in London on Tuesday
featuring speakers from SANS, the DTI and the National Infrastructure
Security Coordination Centre (NISCC) . =AE
Earn your Master's degree in Information Security ONLINE
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.