The annual report "Windows Exploitation in 2016” (PDF) issued by ESET summarizing the “pros and cons” presented in the most widely used operating system, the Microsoft Windows.
Στις 25 σελίδες της έκθεσης, η ESET αναλύει τις ευπάθειες που εμφανίστηκαν κατά τη διάρκεια των τελευταίων 12 μηνών, παρέχοντας λεπτομέρειες σχετικά με τα πιο ευάλωτα επιμέρους στοιχεία, όπως τον Internet Explorer και τα User-Mode Components των Windows.
Compared to last year's figures, this year's 'Windows Exploitation in 2016' report reveals that the number of vulnerabilities patched increased across the board, except from one, Internet Explorer (IE), which saw a sharp drop in the number of vulnerabilities from 242 to 109 over the past twelve months.
On the other hand, Windows User-Mode Components, a processor feature that runs most applications and some Windows OS drivers, has remained as popular with cyber criminals.
In the report, ESET places Windows User-Mode Components, with 116 patched vulnerabilities, at the top of the chart for 2016. Among the mostdata Ways cybercriminals abuse User-mode 0-days are remote code execution and elevation of privileges attacks.
Although it appears for the first time in the report, Microsoft Edge has been proven to be robust and close to second, and has been attributed the first 111 patched vulnerabilities. Unlike IE, Edge maintains modern security features, such as AppContainer, or 64-bit processes for tabs enabled by default, which make it less vulnerable.
Windows Exploitation Report 2016 provides detailed statistics on vulnerabilities that have been fixed in Microsoft-supported versions of Windows, components, Web browsers, and the Office suite, as well as updates issued. The report's author also takes a detailed look at risk mitigation techniques in the latest versions of Windows and the effectiveness of security in key Web browsers, as they are very attractive targets for cybercriminals.
Those interested can download the full Windows Exploitation in 2016 report here. Additional security information on ESET's official blog, WeLiveSecurity.com, as well as more information on advanced technologies ESET Security.