Microsoft Software Flaws Increase Sharply But Majority Affect IE

A new report by security vendor ESET holds mixed news for enterprises running on Microsoft technology.

Microsoft last year fixed nearly twice as many vulnerabilities across all its products than it did in 2013. But a vast majority of the reported flaws were in Microsoft's Internet Explorer browser, suggesting that the company's efforts to secure its core Windows operating system environment itself may finally be working. "Windows overall had a more secure year than in 2013," says Aryeh Goretsky, security researcher at ESET. There were relatively fewer zero-day flaws and other major vulnerabilities that Microsoft had to patch in Win 32, Office, .Net, and other major Windows components compared to a year ago.

"A lot of the attacks we saw were fairly routine pieces of code doing routine kinds of attacks," Goretsky says. "We didn't see any particularly stealthy or military grade Stuxnet-like malware," targeting Windows in all 2014, Goretsky says. "What we saw were just regular malware families that have been around for several years being updated as new vulnerabilities become available," through the year.