Home / / IE is Microsoft’s weak link: ESET

IE is Microsoft’s weak link: ESET

Report finds escalation in number of exploit attacks on Microsoft components in 2014

IE is Microsoft’s weak link: ESET
Djenane: This year was especially hard on users of the Internet Explorer browser.

Microsoft's Internet Explorer browser has topped a list of the most frequently targeted Windows components of 2014.

The list was compiled by security firm ESET in a report titled "Windows exploitation in 2014", which found a year-on-year escalation in the number of exploit attacks on Microsoft Windows components.

"This year was especially hard on users of the Internet Explorer browser, as Microsoft addressed twice as many vulnerabilities as in 2013," said Mohamed Djenane, security specialist, ESET Middle East.

The most notorious example of an Internet Explorer vulnerability being exploited in the wild was the Unicorn bug. This vulnerability could be used by an attacker to run arbitrary code on a remote machine while bypassing the Enhanced Protected Mode (EPM) sandbox in Internet Explorer 11 as well as Microsoft's free anti-exploitation tool, the Enhanced Mitigation Experience Toolkit (EMET), touted by many ICT security specialists as a strong tool in device protection.

But Djenane hailed Microsoft's development of a replacement for its 20-year-old Web browser.

"[Microsoft] is set to release a new Web browser codenamed Spartan with Windows 10. It will act as a total replacement of Internet Explorer and we expect it to have the most advanced technology available among Web browsers," he said.

In the report, ESET researchers also presented findings on the BlackEnergy Trojan, which exploits a bug in Microsoft PowerPoint. The study also found that Windows XP, Redmond's popular legacy OS that was dropped from the company's support roster last year, is still widely used and its adherents remain at risk because of lack of access to security updates.

"Unfortunately, many users still use Windows XP without any anti-exploit security features, and these users are therefore constantly exposing themselves to significant risk of being infected," Djenane warned.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.