January 29, 2017 by

2016 Windows Exploitations

Over the course of 2016, vulnerabilities in Internet Explorer and Edge were fixed after numerous in-the-wild exploitations. According to the statistics, the number of Internet Explorer vulnerabilities exploited in the wild declined, and no vulnerabilities were found to be exploited in the Edge web browser. Edge most likely saw no in-the-wild exploitation because its security features are turned on by default.

There were around 60 software updates, the largest number of updates ever issued to Windows users, fixing vulnerabilities that enabled Remote Code Execution (RCE) and Local Privilege Escalation (LPE). Most updates for win32k.sys (the Windows kernel-mode graphics subsystem driver) and other kernel-mode drivers fixed LPE vulnerabilities. The number of patched vulnerabilities increased in 2016, except for Internet Explorer.

Microsoft also introduced a cumulative update model for Windows 7 and 8.1. Unlike previous models, updates are now offered cumulatively in a monthly package. This new model makes the update process easier for users by reducing the number of steps, especially for IT specialists who constantly update their Windows systems. The Windows 10 Anniversary Update was also issued in 2016. It brought the Linux subsystem to users, who can now use the bash command interpreter and other Linux tools, as well as run their own Linux applications.

The most common exploit attacks in Windows are RCE and LPE. RCE is used to compromise a system, while LPE is used to acquire maximum privileges on that system. RCE attacks target vulnerabilities in web browsers to download and run malicious executables, as in drive-by downloads. Once the attacker has penetrated the system, he or she needs maximum privileges for the malicious code to gain full control of it. The exploited LPE vulnerabilities are usually in the standard Windows win32k.sys driver.

Once the attacker exploits a vulnerability in win32k.sys, he or she obtains full system privileges and is able to run malicious code in kernel mode. The attacker can also use such vulnerabilities to enter "god mode", which provides the ability to circumvent hypervisor security measures and gain full control of a system running a VM.

About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients' engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
