ESET has released its annual report "Windows Exploitation in 2016" (PDF), which summarizes the "positive and negative" in the most widely used operating system, Microsoft Windows.
Across the report's 25 pages, ESET analyzes the vulnerabilities that occurred during the last 12 months, providing details about the most vulnerable components, such as Internet Explorer and Windows User-Mode Components.
Compared to last year, this year's "Windows Exploitation in 2016" report reveals that the number of vulnerabilities fixed increased in all but one area, Internet Explorer (IE), where there was a sharp decline in the number of vulnerabilities from 242 to 109 in the last twelve months.
On the other hand, Windows User-Mode Components, which run in the processor mode used by most applications and some Windows OS drivers, have remained just as popular with cybercriminals.
In the report, ESET places Windows User-Mode Components, with 116 vulnerabilities fixed, at the top of the chart for 2016. Among the most common ways cybercriminals abuse 0-days in user mode are remote code execution and elevation of privilege.
Microsoft Edge, which appears in the report for the first time, has proven robust and comes a close second, with its first 111 patched vulnerabilities. Unlike IE, Edge has modern security features, such as AppContainer and 64-bit processes for tabs enabled by default, which make it less vulnerable.
Windows Exploitation Report 2016 provides detailed statistics on vulnerabilities that have been fixed in Microsoft-supported versions of Windows, components, Web browsers, and the Office suite, as well as updates issued. The report's author also takes a detailed look at risk mitigation techniques in the latest versions of Windows and the effectiveness of security in key Web browsers, as they are very attractive targets for cybercriminals.
Interested readers can download the entire Windows Exploitation in 2016 report here. Additional security information is available on ESET's official blog, WeLiveSecurity.com, along with more information on ESET's advanced security technologies.