The Inquirer-Home

Internet Explorer vulnerabilities have doubled since 2013

Microsoft's web browser has required an 'historic' shedload of security patches
Wed Jul 23 2014, 13:38

Microsoft Internet ExplorerMICROSOFT'S INTERNET EXPLORER (IE) has seen a 100 percent explosion of reported security vulnerabilities in just six months, according to security firm Bromium labs.

Bromium has studied the security vulnerability market intensely and found that in the last six months Microsoft released more security patches than it had during the entire last decade. Internet Explorer also leads in publicly reported exploits.

"Internet Explorer took the cap for historic high number of security patches in over a decade, and that feat was accomplished in the first [six[ months of 2014," it said. "As timelines to the next version of the latest Internet Explorer shrink, times to the next security patches have also shrunk."

It is not all bad news for Microsoft, though, and the report said that Adobe Flash is the most targeted in-browser software product, adding that this often gives attackers new vectors into IE.

"End users remain a primary concern for information security professionals because they are the most targeted and most susceptible to attacks," said Bromium chief security architect Rahul Kashyap.

"Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently."

There's good news for Oracle, however. While its Java platform was "the notorious king" of malware and zero-day attacks in 2013, there have been no reported zero-day exploits targeting Java so far in 2014.

Bromium Labs' report (PDF) is called "Endpoint Exploitation Trends H1 2014" and is available now.

Ian Pratt, co-founder at Bromium, told us that while it is hit hard, Microsoft also pushes back hard.

"As the most popular browser, IE is always in the crosshairs of malware authors. Over the last few years, Microsoft have taken this threat seriously and have done a good job of implementing architectural improvements to harden newer versions of IE against attack, and are continuing to innovate and add new defences," he said.

"IE11 is certainly harder to exploit than several other popular browsers. Of course, IE suffers from a legacy version problem far more than other browsers, and this provides rife opportunities for attackers." µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015