![]() It is also worth noting that at this point no ITW attacks have been observed against Microsoft Edge, the new web browser that currently ships exclusively with Windows 10. This helps secure products such as Internet Explorer. This is a strong move in the right direction, as trimming the code base leads to shrinking the attack surface. These include, but are not limited to, VML and VBScript, which have been used to exploit and compromise the integrity of Internet Explorer, or leveraged to bypass ASLR/DEP in the past. It should be noted that, as of Internet Explorer 11, some features are no longer supported or are considered deprecated. Microsoft’s most recent move will allow the company to do the same. This shows that attackers, as well as researchers, are focusing considerably on Internet Explorer 11. Non-IE11 vulnerability count īased on the information found in Figures 1, 2, and 3, most of the vulnerabilities reported in 2015 affected Internet Explorer 11. The majority of the attacks found ITW in 20 affected IE 11.įigure 3 compares the count of vulnerabilities that affect Internet Explorer 11 (IE 11) to the ones that don’t.įigure 3. ![]() Keeping in mind that these are non-unique counts, we can observe that, for the most part, the majority of the reported vulnerabilities affected Internet Explorer 11.įigure 2 shows the most notable in the wild (ITW) attacks exploiting Internet Explorer in 20.įigure 2. ![]() The graph above shows the total number of reported vulnerabilities affecting each version of Internet Explorer across the months of 2015. Internet Explorer vulnerability count for 2015 Microsoft continues to silently enhance protections as the months go by while at the same time trimming code.įigure 1 shows the vulnerability counts for Internet Explorer versions in 2015.įigure 1. These are all steps in right direction for the Microsoft teams because it allows for the consolidation of team efforts, resulting in a stronger focus on securing fewer versions across a smaller code base. Prior to that, Microsoft made a similar announcement about the Windows XP Operating System, wherein they issued an End of Life for XP in April 2014. Two notable mitigations introduced to the browser in 2014 are Isolated Heap and Memory Protect, which were implemented on Patch Tuesday of June and July 2014 respectively. It offers improved security with the latest security features and mitigations. It should go without saying that Internet Explorer users are strongly encouraged to update to the latest version. If users would like to keep their browsers up to date, they will need to upgrade to either of these two options. This gives users two options: Internet Explorer 11 and Microsoft Edge, the latter of which is currently exclusive to Windows 10. What this means for users is that Microsoft will no longer release new security updates for these product versions going forward. The affected versions are Internet Explorer 7, 8, 9, and 10. 12, 2016, support for all older versions of Internet Explorer (IE) will come to an end (known as an EoL, or End of Life). Microsoft has started the year with an announcement that, effective Jan.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |