sb-as logo
Story image

Windows OS is still full of holes, but Microsoft's making serious efforts to fix it

11 Jan 2017

ESET’s latest annual report on the state of the widely-used Windows operating system shows that it’s continuing to be a breeding ground for vulnerabilities such as Remote Code Execution (RCE) and Local Privilege Escalation (LPE), but patches are never far behind.

The report, titled Windows Exploitation in 2016, shows that the number of Windows vulnerabilities has increased in all segments except in Internet Explorer (IE).

While previous versions of IE have been plagued with security holes, this report found that there has been a ‘steep’ decrease from 242 to 109 zero-day vulnerabilities over the last 12 months.

It also found that the Edge browser had 111 vulnerabilities, but it has held strong so far as it has not become an exploited target.

“It is worth noting that in the last year no vulnerabilities have been found for the Edge web browser that are known to have been exploited in the wild. From our point of view this situation with Edge was predictable, because, unlike IE11, Edge keeps modern security features turned on by default, including the AppContainer full sandbox and 64-bit processes for tabs,” the report said.

Windows OS and applications processing hub Windows User-Mode Components is still a hotbed for cybercrime activity, as the report found 116 patched vulnerabilities. These vulnerabilities are an avenue for zero-day attacks through remote code execution and hijacking privileges for malicious components.

Microsoft Office had 68 patched vulnerabilities, kernel mode drivers had 66 patched, while Win32K had 41 patches and .net came in with seven patches.

The Windows Exploitation Report 2016 contains detailed statistics about vulnerabilities fixed in Microsoft-supported versions of Windows, its components, web browsers, as well as the Office suite, and also provides information about issued updates. The report’s author also took a detailed look at exploit mitigations in recent Windows versions and the security effectiveness of major web browsers, as they represent very attractive targets for attackers.

The report also said of the new model of cumulative updates for Windows 7 and 8.1 devices, in addition to the defaults in Windows 10, that “cumulative updates mean users and IT specialists will update their copies of Windows without being required to take so many actions”, simplifying the process for IT administrators.

The report acknowledges that Microsoft is doing its best to keep its systems patched through an incremental method.

“Obviously, the use of a modern up-to-date Windows version, e.g. Windows 10 with the latest updates, is the best approach to being protected from cyberattacks exploiting vulnerabilities. As we have shown above and in previous versions of this report, its components contain useful security features for mitigating RCE and LPE exploits. We can say that actions taken by Microsoft to make modern versions of Internet Explorer more secure were insufficient, because so-called advanced security settings that are built into Edge are still optional in IE,” the report concludes.

Story image
Index Engines enhances ransomware detection and recovery software
CyberSense helps organisations win the war against cyberattacks.More
Story image
Financial institutions in APAC region to invest millions in fraud prevention
"The pandemic is creating a lot of uncertainty, but the majority of FIs in APAC recognise that an end to end fraud management platform is strategic to differentiating themselves from the highly disruptive landscape they are playing in."More
Link image
Why the threat of ransomware requires quality resources to keep it at bay
With this ransomware prevention kit, learn actionable tactics for IT departments on how to manage backups and enable staff so that ransomware is a managed and controlled risk.More
Story image
Secureworks: Remote working exposes new security vulnerabilities
New vulnerabilities have been exposed as IT teams across the world respond to the ongoing COVID-19 pandemic.More
Story image
Video: 10 Minute IT Jams - SonicWall VP discusses the importance of endpoint security
In this video, Dmitriy discusses the exposure points and new risks that come as a result of widespread flexible working arrangements, how organisations should secure their massively distributed networks, and how SonicWall's Boundless Cybersecurity model can solve these issues.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More