 |
| Source: ESET report. Cover for Windows Exploitation in 2016. |
ESET has published Windows Exploitation in 2016, an annual report that summarises the highs and lows of the Microsoft Windows operating system (OS). Across 25 pages, ESET gives an overview of the vulnerabilities that have occurred over the past 12 months, providing details on infamously vulnerable components such as the Internet Explorer browser and Windows User-Mode Components.
The Windows Exploitation Report 2016 contains detailed statistics about vulnerabilities fixed in Microsoft-supported versions of Windows, its components, web browsers, as well as the Office suite, and also provides information about issued updates. The report’s author also took a detailed look at exploit mitigations in recent Windows versions and the security effectiveness of major web browsers, as they represent very attractive targets for attackers.
Compared to last year’s report, Windows Exploitation in 2016 discloses that the number of fixed vulnerabilities in Windows increased in all segments except one, Internet Explorer (IE). IE saw a steep drop in the number of vulnerabilities, falling from 242 to 109 over the past twelve months.
On the other hand, Windows User-Mode Components, a processor mode where a majority of applications and some drivers for the Windows OS run, remained popular with cybercriminals. In the report, ESET identifies Windows User-Mode Components with 116 fixed vulnerabilities as the leader in 2016’s chart. Among the most prevalent ways cybercriminals misuse zero-day vulnerabilities in User-mode is via remote code execution and the elevation of the privileges of malicious components.
The newcomer in the report, the Microsoft Edge browser, ranks a close second with its first 111 vulnerabilities patched. Unlike IE, Edge keeps modern security features such as AppContainer or 64-bit processes for tabs turned on by default, which makes it less vulnerable.
Interested?
Download Windows Exploitation in 2016 (PDF)
No comments:
Post a Comment