Malware installation through an exploit would be invisible to users and gives attackers an obvious advantage.
Exploitation Targets
Here are some applications most targeted by attackers through exploitation:- Web browsers (Microsoft Internet Explorer, Google Chrome, Apple Safari, Mozilla Firefox and others).
- Plug-ins for browsers (Adobe Flash Player, Oracle Java, Microsoft Silverlight).
- The Windows operating system itself – notably the Win32 subsystem driver – win32k.sys.
- Adobe Reader and Adobe Acrobat
While PDF’s are the most common document files, they can be dangerous if obtained from an unreliable source. Adobe has extended the file format to maximize its data exchange functionality by granting scripting and the embedding of various objects into files. This can be exploited by an attacker.
Another target is the Adobe Flash Player. This plug-in is used for playback of content on various browsers. The Adobe Flash Player is updated regularly and notifies you when it’s time to upgrade. Most vulnerabilities are of Remote Code Execution (RCE) which indicates that attackers use susceptibilities for remotely executing malicious code on a victim’s computer.
Java is also a popular browser plug-in attractive to attackers. More than three billion devices are using this platform. Java is vulnerable to malicious attacks and is one of the most dangerous components. When you use Java on Windows, its security settings can be changed using the control panel applet. Latest versions of security settings allow you to configure the environment more accurately.
Windows operating systems itself can be used by attackers to remotely execute code. The figure below shows the number of patches the each components have received during 2013.
This shows Internet Explorer fixed the
greatest number of vulnerabilities. More than a hundred
vulnerabilities have been fixed in the course of fourteen updates.
Windows Operating System
Newer versions of Microsoft Windows – i.e., Windows 7, 8, and 8.1 have built-in mechanisms which help protect users from destructive actions delivered by exploits. Features became available with Windows Vista was upgraded in the most recent operating system versions.
http://www.hyphenet.com/blog/2013/12/13/are-you-being-explotied/
This shows Internet Explorer fixed the
greatest number of vulnerabilities. More than a hundred
vulnerabilities have been fixed in the course of fourteen updates.
Windows Operating System
Newer versions of Microsoft Windows – i.e., Windows 7, 8, and 8.1 have built-in mechanisms which help protect users from destructive actions delivered by exploits. Features became available with Windows Vista was upgraded in the most recent operating system versions.http://www.hyphenet.com/blog/2013/12/13/are-you-being-explotied/
Windows Operating System
Newer versions of Microsoft Windows – i.e., Windows 7, 8, and 8.1 have built-in mechanisms which help protect users from destructive actions delivered by exploits. Features became available with Windows Vista was upgraded in the most recent operating system versions.
All operating systems or programs used
are studied by attackers for vulnerabilities. Their intent is to
exploit for financial gain. Adobe, Google, and Microsoft are all taking
steps to make these attacks more difficult to achieve.
To protest yourself, change your system settings for a more secure application and keep your software up-to-date.
Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.
References:
http://www.welivesecurity.com/2013/12/13/exploit-protection-for-microsoft-windows/
No comments:
Post a Comment