ESET says Microsoft’s Edge browser has no exploits in the wild

samit

Level 12
Thread author
Verified
Nov 4, 2011
830
In their annual security report ESET has praised Microsoft for finally securing their browser by default, resulting in no active exploits in the wild.

“From our point of view this situation with Edge was predictable, because, unlike IE11, Edge keeps modern security features turned on by default, including the AppContainer full process for sandbox and 64-bit processes for tabs,” the report says.

Internet Explorer had 109 known vulnerabilities, with 3 being exploited in the wild. Edge had 11, with none in the wild.

They note that the Edge browser finally purges Microsoft’s official browser from code which was written in the nineties when Microsoft was more security naive, and removed a range of interrelated vulnerabilities found in earlier versions of Windows.

“The two most common types of exploit attacks in the Windows world are Remote Code Execution (RCE) and Local Privilege Escalation (LPE). The first is used by attackers to penetrate a system and the second to obtain maximum privileges on that system. In fact, RCE exploits are commonly used to target vulnerabilities in web browsers with the intention of downloading and running malicious executables – such attacks are called drive-by downloads.”

Microsoft’s Windows 10 Enhanced Mitigation Experience Toolkit (EMET) features Attack Surface Reduction (ASR) and Microsoft has also worked to block other attack vectors to the OS.

In the latest OS builds Microsoft now blocks Adobe’s Flash by default, and prevents infected drivers by demanding that drivers be tested by and digitally signed by Microsoft, and also prevents infected firmware by using secure boot.

ESET concluded by saying: “Obviously, the use of a modern up-to-date Windows version, e.g. Windows 10 with the latest updates, is the best approach to being protected from cyber attacks exploiting vulnerabilities. As we have shown above and in previous versions of this report, its components contain useful security features for mitigating RCE and LPE exploits. We can say that actions taken by Microsoft to make modern versions of Internet Explorer more secure were insufficient because so-called advanced security settings that are built into Edge are still optional in IE.”

Microsoft’s effort to secure the OS has resulted in hackers moving on to other targets, such as routers and network cameras, meaning users need to remain vigilant, but if they move to the latest version of Windows they will have one less thing to worry about.

Source: Security company ESET says Microsoft's Edge browser has no exploits in the wild - MSPoweruser

Source: ESET Releases Annual Report of the Most Vulnerable Microsoft Windows Components
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Even if AppContainer is enabled by default, it is still a small sheet that will remain vulnerable no matter what.

The example is between an umbrella and droplets of rain.

Microsoft Edge users are few compared to Chrome and others, so more vulnerabilities to produce for profit.
 

Entreri

Level 7
Verified
May 25, 2015
342
At least they made it secure, unlike the pile of trash IE.

I have been using Chrome and Firefox for close to 10 years now; I may give Edge a chance instead of using it just for Netflix.
 
