The annual report «Windows Exploitation in 2016” (PDF) issued by ESET summarizing the “pros and cons” presented in the most widely used operating system, the Microsoft Windows.
In the 25-page report, ESET analyzes the vulnerabilities that appeared during the last 12 months, providing details on the most vulnerable components, such as the Internet Explore and Windows User-Mode Components.
Compared to last year, this year's "Windows Exploitation in 2016" report reveals that the number of vulnerabilities fixed increased in all but one area, Internet Explorer (IE), where there was a sharp decline in the number of vulnerabilities from 242 to 109 in the last twelve months.
On the other hand, Windows User-Mode Components, a processor feature that runs most applications and some Windows OS drivers, has remained as popular with cyber criminals.
In the report, ESET places Windows User-Mode Components, with 116 vulnerabilities being repaired, at the top of the chart for 2016. Among the most common ways cybercriminals abuse 0-days in User-mode are remote code execution and elevation of privileges.
Although it appears for the first time in the exhibition, the Microsoft Edge, έχει αποδειχτεί ανθεκτικό στην εκμετάλλευση, και πολύ κοντά στη δεύτερη θέση, του έχουν αποδοθεί οι πρώτες 111 «patched» ευπάθειες. Σε αντίθεση με τον IE, το Edge διατηρεί σύγχρονα characteristics ασφαλείας, όπως το AppContainer ή διαδικασίες 64-bit για καρτέλες ενεργοποιημένες από προεπιλογή, τα οποία το καθιστούν λιγότερο ευάλωτο.
Windows Exploitation Report 2016 provides detailed statistics on vulnerabilities that have been fixed in Microsoft-supported versions of Windows, components, Web browsers, and the Office suite, as well as updates issued. The report's author also takes a detailed look at risk mitigation techniques in the latest versions of Windows and the effectiveness of security in key Web browsers, as they are very attractive targets for cybercriminals.
Stakeholders can download the entire Windows Exploitation in 2016 report here. Additional security information on ESET's official blog, WeLiveSecurity.com, as well as more information on ESET's advanced security technologies.
