14 DAY TRIAL // According to Microsoft's security team and data from its anti-malware products, during 2015, the most popular security exploit was CVE-2010-2568, a vulnerability discovered in 2010 and also used in the infamous Stuxnet attacks.
CVE-2010-2568 is a security bug found in older versions of the Windows Shell and affects Microsoft's Windows 7, Vista, XP, Server 2008 and Server 2003 operating systems.
The vulnerability allows an attacker to deploy LNK or PIF files on an affected system and then execute code on the user's computer, effectively taking over the device.
Issue was fixed a long, long time ago
Microsoft fixed the issue back in 2010, but that didn't automatically mean it was fixed on everyone's computers, many users still failing to update their PCs or continuing to install Windows from older sources and never applying security updates.
Surprisingly, this was the favorite method of attacking Windows computers during 2015, as Microsoft explained last week in its latest Security Intelligence Report (SIR).
What this means is that hackers are actively targeting older systems, knowing they lack all the new security features that Microsoft added in order to harden Windows 8, 8.1 and 10.
This also shows that Microsoft's dedication to improving Windows overall security is working and that attackers are having a hard time penetrating more modern systems and are still focusing their efforts on older PCs, knowing they could still be successful.
Exploit kits are insanely popular
The same report says that during the past year, hackers preferred exploit kits for delivering their malicious code more than any other delivery method, which is to no surprise since exploit kits automate the actual infection process, compared to other methods that require social engineering, such as booby-trapped documents.
As for the most popular malware family, the title went to the Win32/Gamarue, one of the biggest and oldest botnets around.
Microsoft is also warning about an increase of PUP (Potentially Unwanted Programs) and an increase in phishing attacks that target the online presence of financial institutions.
The report also highlights positive findings, the company revealing that the number of users that employ real-time security software is growing. According to the company, the needle has moved from 74.3 percent to 77.1 percent during all last year.
