The annual report "Windows Exploitation in 2016"(PDF) released by ESET, which summarizes the" positive and negative "presented in the most widely used operating system, Microsoft Windows.
In the 25 pages of the report, ESET analyzes the vulnerabilities that appeared during duration of the last 12 months, providing details on the most vulnerable components, such as Internet Explorer and Windows User-Mode Components.
Compared to last year, this year's "Windows Exploitation in 2016" report reveals that the number of vulnerabilities fixed increased in all but one area, Internet Explorer (IE), where there was a sharp decline in the number of vulnerabilities from 242 to 109 in the last twelve months.
On the other hand, Windows User-Mode Components, a processor feature that runs most applications and some Windows OS drivers, has remained as popular with cyber criminals.
In the report, ESET places Windows User-Mode Components, with 116 vulnerabilities being repaired, at the top of the chart for 2016. Among the most common ways cybercriminals abuse 0-days in User-mode are remote code execution and elevation of privileges.
Despite appearing for the first time in the report, Microsoft Edge has proven to be resistant to exploitation, and in a close second place, it has been credited with the first 111 "patched" vulnerabilities. Unlike IE, Edge retains modern security features such as AppContainer or 64-bit processes for pre-enabled tabschoice, which make it less vulnerable.
The Windows Exploitation Report 2016 contains detailed statistics on vulnerabilities patched in Microsoft-supported versions of Windows, the individual components, programs web browsing, as well as the Office suite, and also provides information about released updates. The report's author also takes a detailed look at risk mitigation techniques in the latest versions of Windows and the effectiveness of security in basic Web browsers, as they are very attractive targets for cybercriminals.
Those interested can download the full Windows Exploitation in 2016 report here. Additional security information on ESET's official blog, WeLiveSecurity.com, as well as more information on advanced technologies ESET Security.
