ESET®, a global pioneer in proactive protection for
more than two decades, today publishes its annual report Windows Exploitation in
2015. In this report ESET analyzes the major vulnerabilities of Microsoft
Windows that have occurred in the past 12 months, highlighting new security
features introduced in Windows, web browsers and Microsoft’s Enhanced Mitigation Experience Toolkit.
“The main goal in writing this report on
Windows exploitations is to notify ESET’s customers and users worldwide about
the importance of installing updates to fix various unpatched vulnerabilities,”
said Artem Baranov, Malware Researcher at ESET Russia.
Compared to the results from 2014, the number of patched vulnerabilities in Microsoft
Windows components quadrupled
in 2015. The most patched item remained Internet Explorer, followed by Windows’
User Mode Components (UMC).
The
report provides readers with statistics about the most significant
vulnerabilities, including Hacking Team. It also describes the most common approaches
used by exploitations, such as drive-by downloads, Local Privilege Escalation
(LPE) or use-after-free (UAF) attacks. The report offers useful insights into the
latest mitigation
techniques that Microsoft has introduced to Google Chrome and Edge.
More detailed
information is available on WeLiveSecurity.com. The full Windows Exploitation in 2015 report is available for download from the White Paper
section on WeLiveSecurity.com.