Windows exploitation in 2014

Discussion in 'other software & services' started by Minimalist, Jan 8, 2015.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
  2. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Microsoft is taking steps to improve its security model with each subsequent release of Windows. However, it's support for backward compatibility and legacy code tie it back from setting the highest possible security settings as default. Not to mention, some things are just limited by design like ASLR on 32-bit is weaker compared to 64-bit. This research focus on Microsoft's own products but if one includes 3rd-party software, things become even messier as some ISV still have yet to adopt mitigation techniques.

    Fortunately, those who are keen on Windows hardening can change and tighten settings like ASLR,DEP, IE EPM within Windows itself and tools like EMET provides even more useful security features not yet baked into the OS. Far from perfect but coupled with updates, things are better than they used to be.


    Related:
    http://www.welivesecurity.com/2014/02/11/windows-exploitation-in-2013/
    http://www.welivesecurity.com/2013/12/13/exploit-protection-for-microsoft-windows/
    http://blogs.microsoft.com/cybertrust/2010/09/21/isv-adoption-of-mitigation-technologies/
    http://www.zdnet.com/article/report...rograms-responsible-for-most-vulnerabilities/
    http://www.av-test.org/en/news/news-single-view/adobe-java-make-windows-insecure/
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Thank you for posting :).
     
Loading...