ESET has issued its annual report "Windows Exploitation in 2016" (PDF), summarizing the "pros and cons" present in the most widely used operating system, Microsoft Windows.
In the 25 pages of the report, ESET analyzes the vulnerabilities that have emerged over the last 12 months, providing details on the most vulnerable components, such as Internet Explorer and Windows User-Mode Components.
Compared to last year, this year's "Windows Exploitation in 2016" report reveals that the number of vulnerabilities fixed increased in all but one area, Internet Explorer (IE), where there was a sharp decline in the number of vulnerabilities from 242 to 109 in the last twelve months.
On the other hand, Windows User-Mode Components, a processor feature that runs most applications and some Windows OS drivers, has remained just as popular with cybercriminals.
In the report, ESET places Windows User-Mode Components, with 116 patched vulnerabilities, at the top of the list for 2016. Among the most widespread ways in which cybercriminals abuse 0-days in user mode are remote code execution and "elevation of privileges" attacks.
Although it appears in the report for the first time, Microsoft Edge has proven to be robust and comes a close second, with its first 111 patched vulnerabilities. Unlike IE, Edge maintains modern security features, such as AppContainer or 64-bit processes for tabs enabled by default, which make it less vulnerable.
The Windows Exploitation in 2016 report contains detailed statistics on vulnerabilities patched in Microsoft-supported versions of Windows, its components, web browsers, and the Office suite, and also provides information about released updates. The report's author also takes a detailed look at risk mitigation techniques in the latest versions of Windows and at the effectiveness of security in the main web browsers, as they are very attractive targets for cybercriminals.
Interested readers can download the entire Windows Exploitation in 2016 report here. Additional security information is available on ESET's official blog, WeLiveSecurity.com, as well as more information on ESET's advanced security technologies.