Information Security Today Home

New Books

Business Resumption Planning, Second Edition
Global Warming, Natural Hazards, and Emergency Management
Crisis Management Planning and Execution
Cloud Computing: Implementation, Management, and Security
Organizational Crisis Management

The Dirty Dozen for 2008
12 Most Common Applications with Major Security Vulnerabilities

December 11, 2008 - Waltham, Mass. - Bit9 unveiled its annual ranking of popular consumer applications with known security vulnerabilities. Often running outside of the IT departmentís knowledge or control, these applications can be difficult to detect; they create data leakage risk in endpoints that are otherwise secure; and cause compliance breaches that can result in costly fines. The list, published in a research brief entitled "2008ís Popular Applications with Critical Vulnerabilities," is designed to highlight the need for greater visibility and control over organizationsí endpoints, including laptops, PCs, servers and Point-of-Sale systems.

The list this year expanded to include 12 applications, up from 10 last year, due to the increase in announced vulnerabilities and the popularity of applications such as Skype and Yahoo! Assistant that are often used by employees within an enterprise.

Five of the top 12 applications with known vulnerabilities include:

  1. Mozilla Firefox, versions 2.x and 3.x
  2. Adobe Acrobat, versions 8.1.2 and 8.1.1
  3. Microsoft Windows Live (MSN) Messenger, versions 4.7 and 5.1
  4. Apple iTunes, versions 3.2 and 3.1.2
  5. Skype, version

Each application on the list has the following characteristics:

  • Runs on Microsoft Windows.
  • Is well-known in the consumer space and frequently downloaded by individuals.
  • Is not classified as malicious by enterprise IT organizations or security vendors.
  • Contains at least one critical vulnerability that was:
    • first reported in June 2006 or after,
    • registered in the U.S. National Institute of Standards and Technologyís (NIST) official vulnerability database at, and given a severity rating of high (between 7.0-10.0) on the Common Vulnerability Scoring System (CVSS).
  • Relies on the end user, rather than a central IT administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.
  • The application cannot be automatically and centrally updated via free Enterprise tools such as Microsoft SMS and WSUS.

"Year after year, we see a growing number of applications within the enterprise that create security vulnerabilities that are easily prevented through better visibility across endpoints, and a more centralized patch-management process," said Harry Sverdlove, chief technology officer, Bit9 Inc. "2008 has been no exception. This year, along with the widely reported huge increase in malware, the number of well-known applications causing security problems for companies has also increased. Our annual ranking now covers twelve applications, up from ten last year."

To read the full list of applications, which includes products from Symantec, Yahoo!, Trend Micro, Sun Microsystems and more, visit There, you can learn more about the application vulnerabilities, along with the benefits of using application white listing, a proactive approach to endpoint security.

Bit9 is a pioneer and leader in enterprise application whitelisting. The company's patented application control solutions ensure only trusted and authorized applications are allowed to run, eliminating the risk caused by malicious, illegal and unauthorized software. Unlike traditional, reactive controls that try to scan and prevent the never-ending list of unauthorized software, Bit9 leverages the Bit9 Global Software Registry to ensure only authorized applications can run, delivering the highest levels of desktop security, compliance, and manageability. Bit9 customers include companies in a wide variety of industries, such as retail, financial services, healthcare, e-commerce, telecommunications, as well as government agencies. For more information, visit

Subscribe to
IT Today

Powered by VerticalResponse

Share This Article

© Copyright 2007-2009 Auerbach Publications