IT security company ESET has released its latest Windows annual report. The Windows Exploitation in 2016 report discusses the security highs and lows of Microsoft's platform. ESET points out vulnerabilities in Windows and what are the most problematic components. However, the Edge browser has impressed and has no exploits in the wild.
Microsoft's Edge Browser for Windows 10 is still a new service. The company has been building up features for the browser since it launched in 2015. Competing with rival browsers is the key to Edge, including making the browser secure.
Security has been at the forefront of Edge development and it has paid off. The browser is now secured by default and only has 11 vulnerabilities, none of which are in the wild.
“From our point of view this situation with Edge was predictable, because, unlike IE11, Edge keeps modern security features turned on by default, including the AppContainer full process for sandbox and 64-bit processes for tabs,” ESET points out in the report.
In the report, ESET points out that there are two common exploits in Windows. The first is Remote Code Execution (RCE) and Local Privilege Escalation (LPE). RCE is an exploit that hackers use to enter a system, typically targeted to web browsers. These exploits attempt to download and run dangerous executables. LPE exploits target an entire system and try to get all access to a system.
Microsoft has been attempting to safeguard Windows 10 with services such as Enhanced Mitigation Experience Toolkit (EMET). However, the company has said EMET will be closed in 2018, something security experts have said is a mistake.
“Obviously, the use of a modern up-to-date Windows version, e.g. Windows 10 with the latest updates, is the best approach to being protected from cyber-attacks exploiting vulnerabilities,” ESET concludes in the report.
“As we have shown above and in previous versions of this report, its components contain useful security features for mitigating RCE and LPE exploits. We can say that actions taken by Microsoft to make modern versions of Internet Explorer more secure were insufficient because so-called advanced security settings that are built into Edge are still optional in IE.”