Security Software & Equipment Store

Tuesday, June 21, 2016

Microsoft's Application Cross-Site Scripting Security Vulnerabilities and Mitigation Tactics

Memory corruption issues are very common these days; stack overflows, heap overflows and integer overflows are some of the subcategories. Vulnerabilities classified as remote code execution (RCE) or arbitrary code execution issues are often rated most critical, because if an attacker is able to run executables, he may be able to take complete control of a computer. That means he can access all the data (and change, delete or expose it), but the problem is bigger than that. If he gains administrative privileges, he can change permissions on files, add or remove other users from the admin group (or create new user accounts and delete other accounts altogether), change the configuration settings and even use the machine to bring down the network. Escalation of privilege vulnerabilities are therefore often exploited in conjunction with RCE flaws to gain that admin access.

Web browsers are among the most commonly exploited applications because, unlike many applications, they are used by practically everybody who uses the Internet. Almost all of us have multiple web browsers installed on our machines, and most of us use one every day. It’s no wonder the browser is a favorite target of attackers who hunt down flaws that they can leverage to do their dirty work, and a top focus for security researchers who seek to find and report vulnerabilities so they can be patched before exploits occur “in the wild.” In 2014, the number of web browser vulnerabilities increased sharply.

Cross-site scripting (XSS) flaws are a common type of vulnerability that’s often found in web applications. How can business and personal computer users mitigate XSS flaws? Share your recommendations with the Cloud and Cyber Security Center.
