Microsoft recently rolled out the new Security Intelligence Report 16 to reveal that the number of exploits aimed at Windows users has dropped in the second half of 2013 and, although some attacks are still launched against its users, it's not the operating system that's exposing consumers to attacks.
The company blames Java and Adobe Flash Player for some of the exploits developed to help break into Windows computers, with the analysis pointing out that some of the vulnerabilities found in the two solutions helped criminals worldwide attack computers running Microsoft's operating system even though their parent companies, namely Oracle and Adobe, acted quickly and fixed the flaws.
Microsoft says that one of the vulnerabilities that have been used in the second half of 2013 was actually fixed by Oracle in 2012, but the growing number of exploits maintained the attack rate very high last year as well.
“CVE-2012-1723 accounted for most of the Java exploits detected and blocked in 4Q13. CVE-2012-1723 is a type-confusion vulnerability in the Java Runtime Environment (JRE), which is exploited by tricking the JRE into treating one type of variable like another type. Oracle confirmed the existence of the vulnerability in June 2012, and addressed it the same month with its June 2012 Critical Patch Update,” Microsoft said in the report.
“The vulnerability was observed being exploited in the wild beginning in early July 2012, and exploits for the vulnerability were added to the Blacole exploit kit shortly thereafter. CVE- 2012-1723 exploits were removed from the Blacole kit in 1H13, contributing to the decline in its encounter rate.”
As far as Flash Player is concerned, Microsoft said that several flaws found in this particular solution exposed users to attacks, but the company's latest efforts in patching Flash Player all by itself are improving the overall security offered to consumers.
Both Internet Explorer 10 and Internet Explorer 11 come with built-in Flash Player, so Microsoft itself is patching vulnerabilities caused by this platform by working with Adobe and releasing fixes via Windows Update. At the same time, Adobe has also moved its patch cycle to the second Tuesday of each month to coincide with Microsoft's Patch Tuesday rollout.
As far as Windows is concerned, Microsoft says that things are getting better and less OS exploits supposed to take advantage of flaws the operating system have been discovered, which means that its users are now safer and fewer critical vulnerabilities are found.
Source
The company blames Java and Adobe Flash Player for some of the exploits developed to help break into Windows computers, with the analysis pointing out that some of the vulnerabilities found in the two solutions helped criminals worldwide attack computers running Microsoft's operating system even though their parent companies, namely Oracle and Adobe, acted quickly and fixed the flaws.
Microsoft says that one of the vulnerabilities that have been used in the second half of 2013 was actually fixed by Oracle in 2012, but the growing number of exploits maintained the attack rate very high last year as well.
“CVE-2012-1723 accounted for most of the Java exploits detected and blocked in 4Q13. CVE-2012-1723 is a type-confusion vulnerability in the Java Runtime Environment (JRE), which is exploited by tricking the JRE into treating one type of variable like another type. Oracle confirmed the existence of the vulnerability in June 2012, and addressed it the same month with its June 2012 Critical Patch Update,” Microsoft said in the report.
“The vulnerability was observed being exploited in the wild beginning in early July 2012, and exploits for the vulnerability were added to the Blacole exploit kit shortly thereafter. CVE- 2012-1723 exploits were removed from the Blacole kit in 1H13, contributing to the decline in its encounter rate.”
As far as Flash Player is concerned, Microsoft said that several flaws found in this particular solution exposed users to attacks, but the company's latest efforts in patching Flash Player all by itself are improving the overall security offered to consumers.
Both Internet Explorer 10 and Internet Explorer 11 come with built-in Flash Player, so Microsoft itself is patching vulnerabilities caused by this platform by working with Adobe and releasing fixes via Windows Update. At the same time, Adobe has also moved its patch cycle to the second Tuesday of each month to coincide with Microsoft's Patch Tuesday rollout.
As far as Windows is concerned, Microsoft says that things are getting better and less OS exploits supposed to take advantage of flaws the operating system have been discovered, which means that its users are now safer and fewer critical vulnerabilities are found.
