You are here

HomeJohn Lister › Report: Microsoft Bugs 'Most Exploited' by Hackers

Report: Microsoft Bugs 'Most Exploited' by Hackers

John Lister's picture
by John Lister on March, 20 2019 at 01:03PM EDT

According to a recent report, Microsoft products made up eight of the ten most exploited software bugs last year according to a security company. That's higher than in recent years, largely because Adobe Flash is becoming a less rewarding target for hackers as it loses popularity.

As recently as 2015, most of the top ten involved bugs with Flash. Microsoft took the unwanted lead in 2017 with seven entries on the list. (Source: bleepingcomputer.com)

Internet Explorer Tops The List

The top spot for 2018 went to a bug in the Windows VBScript engine. That's a tool that handles code designed for web pages running on Internet Explorer. While Internet Explorer has lost popularity in recent years, the bug was likely attractive to hackers because it allowed remote code execution.

In simple terms, the bug meant victims simply visiting a booby-trapped page would be enough to give the hackers the ability to upload and execute malicious programs (malware) on the users' computer. This would then allow cyber criminals access to spy on PCs remotely, including stealing financial information or even activating web cameras remotely.

The top 10 list was based around how widely exploited a bug was, rather than how many computers were made vulnerable by it.

"Recorded Future," the company behind the list, said this meant some of the highest profile bugs such as Spectre and Meltdown (which affected every computer processor made since 1995) were absent from the top 10. It appears those bugs were mainly used by a small but significant group of hackers, including those working on behalf of governments. (Source: theregister.co.uk)

Instead, the list was based largely on popular exploit kits. These are effectively a package of "tools of the trade" for cyber criminals, allowing them to easily take advantage of numerous bugs in operating systems or programs (for example), rather than have to develop or learn ways to exploit each one individually.

Microsoft Debate Continues

One of the more notable bugs in the list was another Internet Explorer vulnerability. It's notable as it's now been in the list for three straight years. It's particularly worrying as it has "no mitigating factors."

Overall the list included three Internet Explorer bugs, five from Microsoft Office, one from Adobe Flash and one from Google's Android system.

Such lists always spark debate in the tech industry because it's often disagreed as to why certain products and services 'make the cut', while others don't. Some argue that Microsoft software is "inherently less secure" than rival products. Others argue that it's more likely hackers put more effort into targeting Microsoft because the audience of potential victims is so high.

What's Your Opinion?

Are you surprised by this list? Do you think Microsoft products are more prone to security flaws? Or is it simply an inevitable result of the numbers game?

Filed under:
Security
| Tags:
internet explorer
,
vbscript
,
microsoft
,
hackers
,
bug
,
bugs
,
exploit kits
,
spectre
,
meltdown
,
cpu
,
processor
,
exploit
,
zero day
,
adobe flash
Rate this article: 
Average: 5 (6 votes)

Comments

Dennis Faas's picture

Submitted by Dennis Faas on Wed, 03/20/2019 - 13:42

The fact of the matter is that MS Windows dominates the market, and more people have machines running MS Windows. As such, hackers will simply go where there is a greater chance of being successful and profitable. To argue that MS products are "inherently less secure" is a bunch of baloney. That may have been true back in Windows XP days, but it's certainly not the case anymore. If Mac or Linux were as popular as MS Windows and had as much of a user base, you would have the same issues.

jcgrande's picture

Submitted by jcgrande on Wed, 03/20/2019 - 15:31

I agree with you, Dennis, The hackers will always go where they get the biggest bang for their buck. They’re not going to waste their time and money going after some software that only has a few thousand subscribers

kitekrazy's picture

Submitted by kitekrazy on Wed, 03/20/2019 - 15:39

Can I get a duh! on this? It's the largest platform out there.

JimBo's picture

Submitted by JimBo on Thu, 03/21/2019 - 12:26

How does the new Microsoft Edge figure into the mix. Is it being positioned to replace Internet Explorer? So, as a replacement, wouldn't it wipe the slate clean as far as reported vulnerabilities against I.E.?

Is Edge a rewrite of I.E. or is it just the same old code with some new enhancements and a bit of re-packaging?

Need Help? Ask!



My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).

We are BBB Accredited

We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.