Today, we published our research about
Windows exploitation in 2014. This report contains interesting information about vulnerabilities in Microsoft Windows and Office patched over the course of the year, drive-by download attacks and mitigation techniques.
The report includes the following information.
- Vulnerabilities discovered and patched in Microsoft Windows and Office.
- Statistics about patched vulnerabilities and how they compare with 2013’s statistics.
- Detailed descriptions of actual exploitation vectors.
- Vulnerabilities that were exploited in the wild, including a specific table showing ASLR bypass vulnerabilities.
- Exploitation methods and mitigation techniques for Microsoft’s Internet Explorer web browser (IE).
-
Last year we saw many exploits that were used for drive-by download attacks. Such attacks are used for silently installing malware. Our report contains detailed information about the nature of drive-by download attacks and how Internet Explorer was improved by Microsoft so that such attacks were mitigated by default.
