Under one percent of attacks linked to zero-day vulnerabilities, says Microsoft
Software giant Microsoft has challenged a common myth by revealing that less than one percent of the attacks it detected were trying to exploit zero-day vulnerabilities.
While releasing Volume 11 of its Security Intelligence Report at the RSA Conference in Europe on October 11, the company said that the level of threat posed by so-called zero-day vulnerabilities is overestimated.
The company's report pointed out that social-engineering attacks such as phishing accounted for nearly half of all attacks identified by the company. It also said that more than one-third of malware exploits Win32/Autorun through devices like USB drives. Microsoft also noted that 90 percent of infections exploited a vulnerability whose fix had been available for more than a year but had not been installed by the user.
The report also outlines some positive trends in the first half of this year. "Medium and high severity vulnerabilities disclosed in 1H11 were down 6.8 percent and 4.4 percent from 2H10, respectively," an abstract from the report read.
It also showed that "low complexity vulnerabilities - the easiest ones to exploit - were down 41.2 percent from the prior 12-month period."
Vinny Gullotto, general manager of the Microsoft Malware Protection Center, said that approaches including "exploiting old vulnerabilities, Win32/Autorun abuse, password cracking and social engineering" continue to be attractive ways for hackers to try to attack a system.