known vulnerability


Also found in: Dictionary.

known vulnerability

Software that has been identified as unprotected and vulnerable to an attack. For example, bugs in Web server, Web browser and email client software are widely exploited for malicious purposes. Although vendors generally issue patches, there is no guarantee that users apply them unless an automatic update procedure is activated. See malware.
References in periodicals archive ?
Further external research revealed that in October 2018, 51% of JavaScript downloads in October contained a known vulnerability, further demonstrating the scale of the challenge.
"An additional aspect is that this is often out of the control of the IT administrator, since it's easy for users to turn on remote printing."<p>Microsoft wasn't able to wrap up work on a patch for a known vulnerability in DirectX, specifically in the QuickTime format parser within DirectShow.
These attacks are usually based on a known vulnerability of applications and operating systems software.
The low-exposure state is hopefully the default; high exposure is tied to various conditions such as a known vulnerability that applies to the specific software on a machine, a virus or worm that exploits that vulnerability circulating in the proximate environment, ongoing deployment of new software by systems management tools, hardware aging, or other factors.
The plight of the city's parish church -like that of doctors' surgeries and schools reported by the ECHO only last week,offer yet another example for priority police patrolling of areas of known vulnerability.
Yesterday, it emerged that an unclassified network at the US Department of State suffered an outage caused by the Welchia worm, which targets a known vulnerability in Windows XP and 2000 machines.
Bugbear.B also exploits a known vulnerability in the browser Internet Explorer, which is detected by Panda Software as Exploit/iFrame.
Bugbear took advantage of a known vulnerability in Microsoft's Internet Explorer and could be automatically run simply by reading the e-mail and not opening the attachment.
GFI MailSecurity for Exchange/SMTP features an e-mail exploit engine that is capable of detecting and preventing any e-mails that aim to use a known vulnerability to execute a program or code.
It also scans IIS servers looking for the known vulnerability and attacks those servers.
"Using extremely old, very well known vulnerability in the WWW server software, we were able to gain access to HCFA's Web server without any more technical expertise than it takes to point and click," Neuman reported.
Exploiting a known vulnerability in Microsoft's Index Server, CodeRed unleashes a worm that launches a denial-of-service attack and defaces web sites.