According to Microsoft's security team and data from its anti-malware products, during 2015, the most popular security exploit was CVE-2010-2568, a vulnerability discovered in 2010 and also used in the infamous Stuxnet attacks.
CVE-2010-2568 is a security bug found in older versions of the Windows Shell and affects Microsoft's Windows 7, Vista, XP, Server 2008 and Server 2003 operating systems.
The vulnerability allows an attacker to deploy LNK or PIF files on an affected system and then execute code on the user's computer, effectively taking over the device.
Issue was fixed a long, long time ago
Microsoft fixed the issue back in 2010, but that didn't automatically mean it was fixed on everyone's computers, many users still failing to update their PCs or continuing to install Windows from older sources and never applying security updates.
Surprisingly, this was the favorite method of attacking Windows computers during 2015, as Microsoft explained last week in its latest Security Intelligence Report (SIR).
What this means is that hackers are actively targeting older systems, knowing they lack all the new security features that Microsoft added in order to harden Windows 8, 8.1 and 10.
This also shows that Microsoft's dedication to improving Windows overall security is working and that attackers are having a hard time penetrating more modern systems and are still focusing their efforts on older PCs, knowing they could still be successful.
[...]
Full Article: Microsoft: 2015's Most Popular Exploit Was a Vulnerability Discovered in 2010
CVE-2010-2568 is a security bug found in older versions of the Windows Shell and affects Microsoft's Windows 7, Vista, XP, Server 2008 and Server 2003 operating systems.
The vulnerability allows an attacker to deploy LNK or PIF files on an affected system and then execute code on the user's computer, effectively taking over the device.
Issue was fixed a long, long time ago
Microsoft fixed the issue back in 2010, but that didn't automatically mean it was fixed on everyone's computers, many users still failing to update their PCs or continuing to install Windows from older sources and never applying security updates.
Surprisingly, this was the favorite method of attacking Windows computers during 2015, as Microsoft explained last week in its latest Security Intelligence Report (SIR).
What this means is that hackers are actively targeting older systems, knowing they lack all the new security features that Microsoft added in order to harden Windows 8, 8.1 and 10.
This also shows that Microsoft's dedication to improving Windows overall security is working and that attackers are having a hard time penetrating more modern systems and are still focusing their efforts on older PCs, knowing they could still be successful.
[...]
Full Article: Microsoft: 2015's Most Popular Exploit Was a Vulnerability Discovered in 2010
