
Windows OS is still full of holes, but Microsoft's making serious efforts to fix it

11 Jan 2017

ESET’s latest annual report on the state of the widely-used Windows operating system shows that it’s continuing to be a breeding ground for vulnerabilities such as Remote Code Execution (RCE) and Local Privilege Escalation (LPE), but patches are never far behind.

The report, titled Windows Exploitation in 2016, shows that the number of Windows vulnerabilities has increased in all segments except in Internet Explorer (IE).

While earlier versions of IE were plagued with security holes, the report found a ‘steep’ year-over-year decrease in the number of IE vulnerabilities patched, from 242 in 2015 to 109 in 2016.

It also found that 111 Edge vulnerabilities were patched over the same period, but Edge has held up so far: none of them is known to have been exploited in the wild.

“It is worth noting that in the last year no vulnerabilities have been found for the Edge web browser that are known to have been exploited in the wild. From our point of view this situation with Edge was predictable, because, unlike IE11, Edge keeps modern security features turned on by default, including the AppContainer full sandbox and 64-bit processes for tabs,” the report said.

The largest category was Windows user-mode components, the OS and application-level code that runs outside the kernel, with 116 patched vulnerabilities. Flaws in this layer are the ones attackers most often chase, including as zero-days, for remote code execution and for elevating the privileges of malicious code once it is running.

Microsoft Office had 68 patched vulnerabilities, kernel-mode drivers 66, the Win32k kernel driver 41, and the .NET Framework seven.

The Windows Exploitation in 2016 report contains detailed statistics about vulnerabilities fixed in Microsoft-supported versions of Windows, its components, web browsers and the Office suite, and also provides information about the updates issued. Its author also took a detailed look at exploit mitigations in recent Windows versions and at the security effectiveness of the major web browsers, since they are very attractive targets for attackers.

The report also welcomes the new cumulative-update model for Windows 7 and 8.1 devices, which brings them in line with the Windows 10 default: “cumulative updates mean users and IT specialists will update their copies of Windows without being required to take so many actions”, simplifying the process for IT administrators.

The report acknowledges that Microsoft is doing its best to keep its systems patched through this cumulative model.

“Obviously, the use of a modern up-to-date Windows version, e.g. Windows 10 with the latest updates, is the best approach to being protected from cyberattacks exploiting vulnerabilities. As we have shown above and in previous versions of this report, its components contain useful security features for mitigating RCE and LPE exploits. We can say that actions taken by Microsoft to make modern versions of Internet Explorer more secure were insufficient, because so-called advanced security settings that are built into Edge are still optional in IE,” the report concludes.
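The two Edge defaults the report singles out (the AppContainer sandbox and 64-bit tab processes) exist in IE11 as Enhanced Protected Mode (EPM) and its 64-bit option, but they are off unless a user or a policy turns them on. The following PowerShell script is an added example, not part of the ESET report or the article, that audits those two IE11 settings on a machine. It reads the registry values IE11 uses for them (`Isolation` = `PMEM` for EPM on, `Isolation64Bit` = 1 for 64-bit EPM processes), checking the machine policy key first because it overrides the per-user preference; the `Get-IeSetting` and `Test-IeHardening` function names are this example's own.

```powershell
# Added example: audit IE11 for the sandbox settings that Edge enables by default.
# Not code from the ESET report or the article. Value semantics:
#   Isolation      (REG_SZ)    'PMEM' = Enhanced Protected Mode on, 'PMIL' = off
#   Isolation64Bit (REG_DWORD) 1 = 64-bit processes for EPM on, 0 = off
# A value under the HKLM Policies key overrides the HKCU user preference.

$userKey   = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$policyKey = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main'

function Get-IeSetting {
    param([string]$Name)
    # Policy wins over the user preference when both are present.
    foreach ($key in @($policyKey, $userKey)) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item -and $null -ne $item.$Name) {
            return [pscustomobject]@{ Value = $item.$Name; Source = $key }
        }
    }
    return $null   # absent everywhere: IE11 treats the setting as off
}

function Test-IeHardening {
    $epm   = Get-IeSetting -Name 'Isolation'
    $epm64 = Get-IeSetting -Name 'Isolation64Bit'

    # Both settings default to off when the value is missing.
    $epmOn   = ($null -ne $epm)   -and ($epm.Value -eq 'PMEM')
    $epm64On = ($null -ne $epm64) -and ([int]$epm64.Value -eq 1)

    [pscustomobject]@{
        EnhancedProtectedMode = $epmOn
        EPM64BitProcesses     = $epm64On
        EPMSource             = if ($epm)   { $epm.Source }   else { '(not set, default off)' }
        EPM64Source           = if ($epm64) { $epm64.Source } else { '(not set, default off)' }
    }
}

$result = Test-IeHardening
$result | Format-List

if (-not ($result.EnhancedProtectedMode -and $result.EPM64BitProcesses)) {
    Write-Warning 'IE11 is not running with the sandbox settings Edge turns on by default.'
    Write-Warning 'To enforce by policy (create the key with New-Item if it is absent):'
    Write-Warning "  Set-ItemProperty -Path '$policyKey' -Name Isolation -Value PMEM"
    Write-Warning "  Set-ItemProperty -Path '$policyKey' -Name Isolation64Bit -Value 1 -Type DWord"
}
```

Two caveats a practitioner should keep in mind when reading the result: EPM's AppContainer isolation only exists on Windows 8 and later (on Windows 7 the same setting gives 64-bit tab processes but no AppContainer), and the 64-bit option only has an effect on 64-bit Windows with EPM already on. Some browser add-ons are not EPM-compatible and will be disabled when it is enforced, which is why the setting is typically rolled out by policy to a pilot group first.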
