14 DAY TRIAL // Zero-day vulnerabilities accounted only for an insignificant volume of infections in the first half of 2011, Microsoft revealed in the Security Intelligence Report volume 11 (SIRv11).
The report took in consideration only top malware families detected by the Malicious Software Removal Tool (MSRT) between January and June 2011.
As users can see in the image at the top, none of the malicious code in MSRT exploited 0-day security holes in order to compromise PCs in the first half of this year.
“However, if one considers exploits that are not associated with families detected by the MSRT, a small number of vulnerabilities did have zero-day exploits in 1H11,” Microsoft added.
“Zero-day exploitation accounted for about 0.12 percent of all exploit activity in 1H11, reaching a peak of 0.37 percent in June.”
The Redmond company notes that it doesn’t want to downplay the threat represented by 0-day vulnerabilities, but it does want to put it into context.