Bit9, Inc., a leading provider of application control and device control solutions, today released its annual list of the top popular applications with known vulnerabilities. Often running outside of IT's knowledge or control, these popular applications can be difficult to detect and remove.
The list, published as a research brief entitled "2007's Popular Applications with Critical Vulnerabilities" was designed to help IT departments regain control over their desktop environments. Or was it to know which apps you should pack on your portable USB tool collection :) ?
Each application on the list has the following characteristics: 1. Runs on Microsoft Windows. 2. Is well-known in the consumer space and frequently downloaded by individuals. 3. Is not classified as malicious by enterprise IT organizations or security vendors. 4. Contains at least one critical vulnerability: * first reported in June 2006 or after, * registered in the U.S. National Institute of Standards and Technology's (NIST) official vulnerability database at http://nvd.nist.gov/, and * with a severity rating of high (between 7.0-10.0) on the Common Vulnerability Scoring System (CVSS). 5. Relies on the end user, rather than a central administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.
The first five of the top ten applications with known vulnerabilities include: 1. Yahoo Messenger 8.1.0.239 and earlier 2. Apple QuickTime 7.2 3. Mozilla Firefox 2.0.0.6 4. Microsoft Windows Live (MSN) Messenger 7.0, 8.0 5. EMC VMware Player (and other products) 2.0, 1.0.4
To discover the other applications on the list and what to do about them, please visit Bit9 Website
