Editing Malware (section)

===Vulnerable software===
A [[Vulnerability (computing)|vulnerability]] is a weakness, [[Design flaw|flaw]] or software bug in an [[Application software|application]], a complete computer, an [[operating system]], or a [[computer network]] that is exploited by malware to bypass defences or [[Privilege escalation|gain privileges]] it requires to run. For example, [[TestDisk|TestDisk 6.4]] or earlier contained a vulnerability that allowed attackers to inject code into Windows.<ref>{{cite book|chapter-url=https://doi.org/10.1109/SISY.2015.7325394|doi=10.1109/SISY.2015.7325394|chapter=Modern binary attacks and defences in the windows environment — Fighting against microsoft EMET in seven rounds|title=2015 IEEE 13th International Symposium on Intelligent Systems and Informatics (SISY)|year=2015|last1=Nemeth|first1=Zoltan L.|pages=275–280|isbn=978-1-4673-9388-1|s2cid=18914754}}</ref> Malware can exploit security defects ([[security bug]]s or [[Software vulnerability|vulnerabilities]]) in the operating system, applications (such as browsers, e.g. older versions of Microsoft Internet Explorer supported by Windows XP<ref>{{cite web|title=Global Web Browser... Security Trends|publisher=Kaspersky lab|date=November 2012|url=http://www.kaspersky.com/images/Kaspersky_Report_Browser_Usage_ENG_Final.pdf|access-date=17 January 2013|archive-date=2 February 2013|archive-url=https://web.archive.org/web/20130202153249/http://www.kaspersky.com/images/Kaspersky_Report_Browser_Usage_ENG_Final.pdf|url-status=dead}}</ref>), or in vulnerable versions of browser plugins such as [[Adobe Flash Player#Security|Adobe Flash Player]], [[Adobe Acrobat#Security|Adobe Acrobat or Reader]], or [[Java SE#Critical security issues with the Java SE plugin|Java SE]].<ref>{{cite web|last=Rashid|first=Fahmida Y.|title=Updated Browsers Still Vulnerable to Attack if Plugins Are Outdated|publisher=pcmag.com|date=27 November 2012|url=http://securitywatch.pcmag.com/none/305385-updated-browsers-still-vulnerable-to-attack-if-plugins-are-outdated|access-date=17 January 2013|archive-url=https://web.archive.org/web/20160409063012/http://securitywatch.pcmag.com/none/305385-updated-browsers-still-vulnerable-to-attack-if-plugins-are-outdated|archive-date=9 April 2016|url-status=dead}}</ref><ref>{{cite web|last=Danchev|first=Dancho|title=Kaspersky: 12 different vulnerabilities detected on every PC|publisher=pcmag.com|date=18 August 2011|url=http://www.zdnet.com/blog/security/kaspersky-12-different-vulnerabilities-detected-on-every-pc/9283|access-date=17 January 2013|archive-date=5 July 2014|archive-url=https://web.archive.org/web/20140705182539/http://www.zdnet.com/blog/security/kaspersky-12-different-vulnerabilities-detected-on-every-pc/9283|url-status=dead}}</ref> For example, a common method is exploitation of a [[buffer overrun]] vulnerability, where software designed to store data in a specified region of memory does not prevent more data than the buffer can accommodate from being supplied. Malware may provide data that overflows the buffer, with malicious [[executable]] code or data after the end; when this payload is accessed it does what the attacker, not the legitimate software, determines.

Malware can exploit recently discovered vulnerabilities before developers have had time to release a suitable [[Patch (computing)|patch]].<ref name=":2" /> Even when new patches addressing the vulnerability have been released, they may not necessarily be installed immediately, allowing malware to take advantage of systems lacking patches. Sometimes even applying patches or installing new versions does not automatically uninstall the old versions.

There are several ways the users can stay informed and protected from security vulnerabilities in software.
Software providers often announce updates that address security issues.<ref>{{cite web|url=https://www.adobe.com/support/security/|title=Adobe Security bulletins and advisories|publisher=Adobe.com|access-date=19 January 2013|archive-date=15 November 2013|archive-url=https://web.archive.org/web/20131115002036/http://www.adobe.com/support/security/|url-status=live}}</ref> 
[[Common Vulnerabilities and Exposures|Common vulnerabilities]] are assigned unique identifiers (CVE IDs) and listed in public databases like the [[National Vulnerability Database]].
Tools like Secunia PSI,<ref>{{cite magazine|last=Rubenking|first=Neil J.|url=https://www.pcmag.com/article2/0,2817,2406767,00.asp|title=Secunia Personal Software Inspector 3.0 Review & Rating|magazine=PCMag.com|access-date=19 January 2013|archive-date=16 January 2013|archive-url=https://web.archive.org/web/20130116064450/http://www.pcmag.com/article2/0,2817,2406767,00.asp|url-status=live}}</ref> free for personal use, can scan a computer for outdated software with known vulnerabilities and attempt to update them.
[[Firewall (computing)|Firewalls]] and [[Intrusion detection system|intrusion prevention systems]] can monitor the network traffic for suspicious activity that might indicate an attack.<ref>{{Cite book|last1=Morales|first1=Jose Andre|last2=Al-Bataineh|first2=Areej|last3=Xu|first3=Shouhuai|last4=Sandhu|first4=Ravi|chapter=Analyzing and Exploiting Network Behaviors of Malware|date=2010|editor-last=Jajodia|editor-first=Sushil|editor2-last=Zhou|editor2-first=Jianying|title=Security and Privacy in Communication Networks|chapter-url=https://link.springer.com/chapter/10.1007/978-3-642-16161-2_2|series=Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering|volume=50|language=en|location=Berlin, Heidelberg|publisher=Springer|pages=20–34|doi=10.1007/978-3-642-16161-2_2|isbn=978-3-642-16161-2|access-date=2 December 2021|archive-date=2 December 2021|archive-url=https://web.archive.org/web/20211202085918/https://link.springer.com/chapter/10.1007/978-3-642-16161-2_2|url-status=live}}</ref>