VulnDB Report: Microsoft ‘Top’ Vendor by Confirmed Vulnerabilities

Microsoft ranked first in confirmed security vulnerabilities among vendors through the third quarter of 2020, according to the "Vulnerability QuickView Report" from Risk Based Security's VulnDB threat intelligence team. The report indicated that 1,202 Microsoft vulnerabilities were discovered in the first nine months of 2020, which represented a 39 percent year-over-year increase.

Along with Microsoft, VulnDB cited the following vendors as its "top" vendors in terms of confirmed security vulnerabilities as of the end of 3Q20:

  • Oracle
  • Red Hat
  • Google
  • SUSE

VulnDB also named the following software as its "top" software in terms of confirmed security vulnerabilities during the time frame:

  • openSUSE Leap
  • Windows 10
  • Windows Server 2019
  • Debian Linux
  • Windows Server (semi-annual channel)

Other notable findings from VulnDB's report included:

  • 17,129 vulnerabilities were found during the first three quarters of 2020, up 4.6 percent year over year.
  • Vulnerability disclosures totaled 4,968 as of the end of 3Q20, down 19.2 percent year over year.
  • On average, there were 68 vulnerability disclosures per day through the first nine months of 2020.
  • 600 vulnerabilities are still in CVE RESERVED status.

VulnDB also noted that "regular" Patch Tuesdays are approaching volumes comparable to vulnerability Fujiwhara events.

Vulnerability Fujiwhara Events in 2020

There were three vulnerability Fujiwhara events this year: January 14, April 14 and July 14. April 14 (511 disclosures) and July 14 (496 disclosures) were "huge events" in the world of vulnerability management, while the volume of vulnerability disclosures on January 14 was roughly the same as that of September's Patch Tuesday, VulnDB indicated.

Fujiwhara events occur when Microsoft, Oracle and other software vendors release vulnerability patches on the same date. The next Fujiwhara event will take place January 14, 2025.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.