Attackers are targeting the newest security vulnerabilities, giving businesses less time to patch and protect their systems, according to a report released last week by Symantec Corp. The security vendor's twice-annual Internet Security Threat Report, which compiles data from customers as well as from more than 20,000 sensors embedded in its global DeepSight Threat analysis system, paints an ugly picture. "This has a very fundamental impact on enterprises," says Vincent Weafer, senior director of Symantec's security response center, "and puts the spotlight on patch-management issues."

Data compiled by Symantec, one of the leading providers of security services and products, shows that 64% of attacks during the first six months of this year were aimed at vulnerabilities less than a year old; most of those (39%) targeted security flaws that had been disclosed in the previous six months. "That's a major change," says Weafer, who points out in the past, most attacks exploited vulnerabilities as old as 2 years. "Now attacks are changing to leverage the newest vulnerabilities."