Home Internet Security Microsoft's Security Staff Worked Overtime During 2015 to Address Endless Bugs in Internet Explorer

Microsoft's Security Staff Worked Overtime During 2015 to Address Endless Bugs in Internet Explorer

Posted: January 29, 2016

microsoft internet explorer bugs fixed in 2015Have you ever experienced those days that your boss asks you to stay an extra couple of hours at work to complete a project or finish up something before a deadline? While those times seem to be a major annoyance or cause some disgruntlement towards the higher powers at work, just remember that Microsoft's security staff had to work overtime during most of 2015 to address endless bugs in the Internet Explorer web browser.

It's no secret that Microsoft's Internet Explorer web browser has been the brunt of malware attacks and a primary entry point for most malware threats in the past and during the year of 2015. Marking one of the busiest years for malware threats and hacker activity, 2015 kept Microsoft developers working overtime. The developers and security staff were hard pressed to close security bugs in Internet Explorer and UMC (User Mode Components) as the latest ESET Windows Exploitation in 2015 report reveals.

The ESET report gives us details into Microsoft's efforts to address a record total of 571 bugs within Internet Explorer and the Windows UMC, which is up from only 376 bugs reported in 2014. Out of all of the bugs, 12 were zero-day flaws, which means they were actively exploited by other sources to either infect systems with malware, run malicious scripts, display unwanted pop-ups or advertisements, or conduct other malevolent activity on a Windows machine.

Up to as many as four of the zero-day flaws exploited in the wild were found directly in Internet Explorer. The others, three within Windows UMC alone, four in Win32k (the kernel component of Windows' Graphical User Interface), and one in the Kernel Mode drivers were all severe enough to warrant Microsoft staff to play an active role in fixing the issues in a prompt manner.

While Microsoft has been on a major push for users to move towards Windows 10, which does away with Internet Explorer and in return provides the all-new Edge web browser. Microsoft Edge touts top-of-the-line security features, such as protection against binary injection attacks. Edge has come out of the gates and s better security solution somewhat due to its inability to run extensions as of yet, which is a primary entry point for malicious components that plagued Internet Explorer so greatly during 2015 and prior years.

Many popularized exploits and zero-day vulnerabilities have been addressed, which has been due in part by Microsoft's demanding work during all of 2015 kept them busier than ever with Internet Explorer alone. Never mind the other products that had security bugs, Internet Explorer trumped them all for the rating of patched components as shown in the ESET chart below comparing all platforms significantly affected by bugs in 2014 and 2015.

Rating of patched components in major Windows products, including Internet Explorer - Source: ESET
pached components ie vs microsoft products chart

With Microsoft making a steady push to for PC users to adopt Windows 10 and their new Edge browser, Internet Explorer will slowly be phased out. Microsoft has even gone as far as to cease providing mainstream support, patches, or updates for Windows 7. However, as history will reveal, Microsoft products literally stand the test of time and users are slow to update them leaving Internet Explorer as a standing culprit for future malware threats and attacks. As support for Windows 8.1 and its Internet Explorer partner are still going strong, Microsoft is expected to make 2016 just as busy as last year for fixing newfound bugs and vulnerabilities within Internet Explorer.

Loading...