IE is Microsoft’s weak link: ESET
Report finds escalation in number of exploit attacks on Microsoft components in 2014
Microsoft's Internet Explorer browser has topped a list of the most frequently targeted Windows components of 2014.
The list was compiled by security firm ESET in a report titled "Windows exploitation in 2014", which found a year-on-year escalation in the number of exploit attacks on Microsoft Windows components.
"This year was especially hard on users of the Internet Explorer browser, as Microsoft addressed twice as many vulnerabilities as in 2013," said Mohamed Djenane, security specialist, ESET Middle East.
The most notorious example of an Internet Explorer vulnerability being exploited in the wild was the Unicorn bug. This vulnerability could be used by an attacker to run arbitrary code on a remote machine while bypassing the Enhanced Protected Mode (EPM) sandbox in Internet Explorer 11 as well as Microsoft's free anti-exploitation tool, the Enhanced Mitigation Experience Toolkit (EMET), touted by many ICT security specialists as a strong tool in device protection.
But Djenane hailed Microsoft's development of a replacement for its 20-year-old Web browser.
"[Microsoft] is set to release a new Web browser codenamed Spartan with Windows 10. It will act as a total replacement of Internet Explorer and we expect it to have the most advanced technology available among Web browsers," he said.
In the report, ESET researchers also presented findings on the BlackEnergy Trojan, which exploits a bug in Microsoft PowerPoint. The study also found that Windows XP, Redmond's popular legacy OS that was dropped from the company's support roster last year, is still widely used and its adherents remain at risk because of lack of access to security updates.
"Unfortunately, many users still use Windows XP without any anti-exploit security features, and these users are therefore constantly exposing themselves to significant risk of being infected," Djenane warned.