Fortinet Blog | News and Threat Research

In June 2008, Microsoft officially announced that it planned to discontinue support for its popular but aging Windows XP operating system by April 2014.

To many system administrators’ chagrin, the move will galvanize many organizations to begin migrating to newer operating systems, such as Windows 7 or the much anticipated and soon-to-be-released Windows 8. Unfortunately, during this process, legacy XP systems will become increasingly vulnerable to zero-day attacks and other security threats. The sudden absence of support for XP leaves a void that will likely be filled by a slew of old and/or soon-to-be-discovered vulnerabilities and subsequently give rise to a new crop of security exploits that specifically target these legacy systems, which are now devoid of security updates or support.

After a recent FortiGuard Labs malware database query where our threat research team looked at the same day of each year for the last 13 years, the team analyzed the number of vulnerabilities the systems captured and concluded that older operating systems typically have more exploit activity due to the fact that myriad exploit kits and existing malicious code have had ample time to mature and circulate. It’s also harder today to get a working rootkit for Windows 7 than Windows XP thanks to Microsoft technology such as PatchGuard, which protects the kernel of an operating system from being unduly modified.

An August 2012 snapshot of reported attacks from the start of this year shows that a massive number of attacks are based on exploits discovered many years ago. FortiGuard reports 47 million instances of attacks based on exploits discovered in 2004 alone!

The abrupt rise in exploit attempts represents a stark contrast to detected exploit attempts in more recent versions of Windows, all of which remain under a million from exploits discovered in 2010 and onwards.

“If you look at the number of exploits discovered in 2011, the number of attack attempts was down to around 425,000, versus the 2.9 million we saw for exploits found in 2009,” said Derek Manky, Senior Security Strategist for Fortinet. “The sad truth is that hackers are still successful going after older vulnerabilities, which really are low-hanging fruit since they have been known and unprotected against for ages.”

In comparison, the number of exploit attempts against new vulnerabilities discovered in 2012 remains well under five thousand, however that number will likely increase significantly in just a few years, Manky continued.

“It will be interesting to see at the end of the year”