8.1.15

Internet Explorer identified as most vulnerable Microsoft Windows component

ESET researchers summarize Microsoft Windows vulnerabilities uncovered in 2014.

 ESET®, a global pioneer in proactive protection for more than two decades, has published a report on major trends in Windows exploitation and mitigation in 2014 on its security news page WeLiveSecurity.com. In the report, ESET researchers analyze major vulnerabilities of Microsoft Windows and compile a list of the most frequently targeted Windows components. Internet Explorer tops the list.
Compared to the results from last year, the number of exploit attacks on Microsoft components grew in 2014. ”This year was especially hard on users of the Internet Explorer browser, as Microsoft addressed twice as many vulnerabilities as in 2013,“ explains ESET Research on WeLiveSecurity.com. “Fortunately for its users, a great number of these vulnerabilities were patched during the same year.”
The most notorious example of an Internet Explorer vulnerability being exploited in the wild is the Unicorn bug. ESET researchers also offered their findings on the BlackEnergy trojan, which exploits a bug in Microsoft PowerPoint, at the 24th Virus Bulletin Conference in Seattle in September 2014.  
The report offers information about not just the main types of vulnerabilities present in Microsoft Windows over the past year, but also highlights the mitigation techniques that Microsoft introduced with the latest versions of its operating system. “Unfortunately, many users still use Windows XP without any anti-exploit security features, and these users are therefore constantly exposing themselves to significant risk of being infected,” adds.
In November 2014 ESET Smart Security 8 scored 100% in a study by AV-Test that focused on self-defense. In its test, AV-Test examined the use of open-access protection mechanisms – ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) – within the source code of IT security vendors. Both mechanisms help to reduce the risk of an existing vulnerability actually becoming exploitable.
For more information please read blog post on ESET’s news page WeLiveSecurity.com. Full report Windows Exploitation and Mitigation in 2014 is available in White Paper section on WeLiveSecurity.com.


About ESET
Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedInFacebook and Twitter