Researchers have published a new report revealing security flaws in Microsoft Windows and Office patched over 2014, and how services were exploited throughout the year.
On Thursday, security firm ESET published findings
from an analysis of Microsoft's Windows and exploitation of the operating system throughout 2014. The detailed report
(.PDF) lists the vulnerabilities in Microsoft Windows and Office patched over the course of the year, how drive-by download attacks were conducted and the various exploit techniques used to compromise the system.
The report includes the following information.
- Vulnerabilities discovered and patched in Microsoft Windows and Office.
- Statistics about patched vulnerabilities and how they compare with 2013’s statistics.
- Detailed descriptions of actual exploitation vectors.
- Vulnerabilities that were exploited in the wild, including a specific table showing ASLR bypass vulnerabilities.
- Exploitation methods and mitigation techniques for Microsoft’s Internet Explorer web browser (IE).