A new cybersecurity industry report recently revealed the extent of the zero-day vulnerabilities discovered in Microsoft Windows and Office over the course of 2014. The majority of the security intrusions were related to remote code execution, which allows cybercriminals to install malicious downloads on victims’ devices due to a vulnerability in their browser.
The report showed exactly how many components had to be patched within each system throughout the year. Internet Explorer was by far the most exploitable program, with 240 patches delivered last year. According to the study, twice as many vulnerabilities were patched in IE in 2014 as in the previous year. One of the most dangerous zero-day flaws of 2014 affected IE through the Windows OLE package manager, allowing malicious software to be downloaded via a phony Microsoft PowerPoint file. Once the fake presentation was installed, malware known as BlackEnergy was able to download itself onto the compromised PC.
Efforts at protection fall short
In an attempt to protect against this sort of attack, Microsoft has employed mitigation techniques including Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). However, cybercriminals have grown more sophisticated and are increasingly able to bypass these types of defense. Many hackers have begun to use Return-Oriented Programming (ROP) techniques to evade DEP, allowing them to change the protection of memory pages that hold shellcode.
Microsoft systems are particularly vulnerable to attacks using ROP because many of them contain legacy DLL files that are no longer secure and have not been compiled with secure options. This lack of security provides cybercriminals with a library of executable code that is extremely useful to them, especially if it hasn’t been compiled with ASLR support.
More recently, Microsoft introduced Out-of-date ActiveX in October 2014 to increase the security of IE by blocking older versions of common browser plugins like Silverlight. However, when security researchers from Google Zero Team tested the protection of the feature, they found that it is still exploitable using a sandbox vulnerability.
One of the biggest issues affecting Windows users is that many have still not upgraded to the most recent operating systems. A large portion of enterprises are using outdated OSs like Windows XP, leaving them unable to access the protections that patches provide, such as modern anti-executable features.
By employing security solutions like Faronics WINSelect and Faronics Anti-Executable, businesses can block such extensions while ensuring any unapproved applications do not run, thus keeping necessary hardware safe from infections. System updates are easily managed with the program, doubling the amount of protection an organization receives. Updates from Microsoft can be set to automatically download in advance, ensuring the newest version of critical software will always be available without any hassle.