Connect with us

Hi, what are you looking for?



This is What Microsoft’s Vulnerability Patching Efforts Looked Like in 2015

IE, Windows UMC Vulnerabilities Fueled Microsoft’s 2015 Patch Efforts

IE, Windows UMC Vulnerabilities Fueled Microsoft’s 2015 Patch Efforts

Microsoft patched more than 570 vulnerabilities in its products in 2015, the most of which affected the Internet Explorer (IE) browser, according to analysis from ESET.

ESET researchers sifted through vulnerability data gathered throughout 2015, and have created a report (PDF) to provide a look into the most affected components in Windows and to help increase user awareness on the importance of patching.

Following IE, various user mode Windows components (Windows UMC) saw the most resolved flaws, ESET said, and Microsoft Office ended in third place on the list.

According to the numbers, four times more Windows UMC vulnerabilities were patched in 2015 when compared to the previous year, and Office received more than two times the number of fixes compared to 2014. The number of IE vulnerabilities fixed in 2015 dropped slightly year-on-year.

Microsoft Patches in 2015

Other Windows components that saw a significant increase in patches include kernel mode (KM) drivers and the win32k.sys kernel component  of the Windows GUI, both of which are targeted by attackers looking to gain system privileges on a victim’s machine. By exploiting these vulnerabilities, attackers can remotely execute code directly in kernel mode and can gain control of PC’s resources.

A Mount Manager Local Privilege Escalation (LPE) Vulnerability (CVE-2015-1769) was one of the most important LPE vulnerabilities fixed last year, found to affect all client and server editions of Windows from Vista onward. By exploiting it, attackers could run arbitrary code from a removable USB drive with system privileges.

Advertisement. Scroll to continue reading.

Located in the system driver http.sys on Windows 7 and later, CVE-2015-1635 was another serious flaw resolved in 2015. The flaw could allow attackers execute malicious code remotely with system privileges, launch DoS attacks, or to bring down a targeted system with a Blue Screen of Death (BSoD).

Another important threat to Windows systems in 2015 was the Hacking Team breach, which resulted in leaked 0day exploits for Windows, Flash Player and Internet Explorer that could be used in specialized tools such as Exploit Kits to gain high infection rates.

In fact, Italy-based Hacking Team provided its customers with the ability to deploy backdoors not only on Windows machines, but also on Linux, Android, OS X, and iOS devices. Furthermore, it was revealed that exploits for Flash Player were meant to work for IE and Edge, Google Chrome, Mozilla Firefox, and Opera, and to affect Windows, Linux, and Apple OS X machines, the report shows.

Some browsers have implemented a series of counter measures to prevent attacks, such as Google Chrome and Microsoft Edge. For Chrome, the “PPAPI win32k lockdown” option allows users lockdown win32k for Flash/PDF plugins or for all render processes, as well as special checks and a new type of heap allocation to protect Flash Player process from buffer overflows.

Microsoft Edge, on the other hand, is protected against binary injection, courtesy of an option that prevents DLLs from being loaded into the browser unless the library is signed with a Microsoft digital certificate or with a Windows Hardware Quality Lab (WHQL) certificate from Microsoft. 

With many of the Windows flaws that Microsoft patched in 2015 being 0day vulnerabilities, and with exploits already used in attacks to compromise systems, users must understand the importance of installing security updates in a timely manner.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.