{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T16:32:00Z","timestamp":1773246720363,"version":"3.50.1"},"reference-count":16,"publisher":"MDPI AG","issue":"7","license":[{"start":{"date-parts":[[2023,7,24]],"date-time":"2023-07-24T00:00:00Z","timestamp":1690156800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"DoD Center of Excellence in AI and Machine Learning (CoE-AIML)","award":["#1828811"],"award-info":[{"award-number":["#1828811"]}]},{"name":"DoD Center of Excellence in AI and Machine Learning (CoE-AIML)","award":["2017-ST-062-000003"],"award-info":[{"award-number":["2017-ST-062-000003"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>Operating systems play a crucial role in computer systems, serving as the fundamental infrastructure that supports a wide range of applications and services. However, they are also prime targets for malicious actors seeking to exploit vulnerabilities and compromise system security. This is a crucial area that requires active research; however, OS vulnerabilities have not been actively studied in recent years. Therefore, we conduct a comprehensive analysis of OS vulnerabilities, aiming to enhance the understanding of their trends, severity, and common weaknesses. Our research methodology encompasses data preparation, sampling of vulnerable OS categories and versions, and an in-depth analysis of trends, severity levels, and types of OS vulnerabilities. We scrape the high-level data from reliable and recognized sources to generate two refined OS vulnerability datasets: one for OS categories and another for OS versions. Our study reveals the susceptibility of popular operating systems such as Windows, Windows Server, Debian Linux, and Mac OS. Specifically, Windows 10, Windows 11, Android (v11.0, v12.0, v13.0), Windows Server 2012, Debian Linux (v10.0, v11.0), Fedora 37, and HarmonyOS 2, are identified as the most vulnerable OS versions in recent years (2021\u20132022). Notably, these vulnerabilities exhibit a high severity, with maximum CVSS scores falling into the 7\u20138 and 9\u201310 range. Common vulnerability types, including CWE-119, CWE-20, CWE-200, and CWE-787, are prevalent in these OSs and require specific attention from OS vendors. The findings on trends, severity, and types of OS vulnerabilities from this research will serve as a valuable resource for vendors, security professionals, and end-users, empowering them to enhance OS security measures, prioritize vulnerability management efforts, and make informed decisions to mitigate risks associated with these vulnerabilities.<\/jats:p>","DOI":"10.3390\/fi15070248","type":"journal-article","created":{"date-parts":[[2023,7,24]],"date-time":"2023-07-24T03:03:25Z","timestamp":1690167805000},"page":"248","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Unveiling the Landscape of Operating System Vulnerabilities"],"prefix":"10.3390","volume":"15","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0699-4889","authenticated-orcid":false,"given":"Manish","family":"Bhurtel","sequence":"first","affiliation":[{"name":"Department of Electrical Engineering and Computer Science, Howard University, Washington, DC 20059, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3638-3464","authenticated-orcid":false,"given":"Danda B.","family":"Rawat","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering and Computer Science, Howard University, Washington, DC 20059, USA"}]}],"member":"1968","published-online":{"date-parts":[[2023,7,24]]},"reference":[{"key":"ref_1","unstructured":"Microsoft (2023, June 01). Windows Secure Channel Denial of Service Vulnerability. Available online: https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2023-21813."},{"key":"ref_2","unstructured":"Research, G.S. (2023, June 01). Linux (Ubuntu)\u2013Other Users Coredumps Can Be Read via Setgid Directory and killpriv Bypass. Available online: https:\/\/www.exploit-db.com\/exploits\/45033."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Gorbenko, A., Romanovsky, A., Tarasyuk, O., and Biloborodov, O. (2017, January 23\u201326). Experience report: Study of vulnerabilities of enterprise operating systems. Proceedings of the 2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE), Toulouse, France.","DOI":"10.1109\/ISSRE.2017.20"},{"key":"ref_4","unstructured":"Cheikes, B.A., Waltermire, D., Kent, K.A., and Waltermire, D. (2023, June 02). Common Platform Enumeration: Naming Specification Version 2.3, Available online: https:\/\/csrc.nist.gov\/publications\/detail\/nistir\/7695\/final."},{"key":"ref_5","unstructured":"Peterson, J.L., and Silberschatz, A. (1985). Operating System Concepts, Addison-Wesley Longman Publishing Co., Inc."},{"key":"ref_6","unstructured":"Mell, P., Scarfone, K., and Romanosky, S. (2023, June 05). The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems, Available online: https:\/\/csrc.nist.gov\/publications\/detail\/nistir\/7435\/final."},{"key":"ref_7","unstructured":"Christey, S., Kenderdine, J., Mazella, J., and Miles, B. (2013). Common Weakness Enumeration, Mitre Corporation. Available online: https:\/\/cwe.mitre.org\/documents\/views\/view-evolution.html."},{"key":"ref_8","unstructured":"Vander-Pallen, M.A., Addai, P., Isteefanos, S., and Mohd, T.K. (2022, January 6\u20139). Survey on types of cyber attacks on operating system vulnerabilities since 2018 onwards. Proceedings of the 2022 IEEE World AI IoT Congress (AIIoT), Seattle, WA, USA."},{"key":"ref_9","first-page":"1433","article-title":"A novel approach to continuous CVE analysis on enterprise operating systems for system vulnerability assessment","volume":"14","author":"Kocaman","year":"2022","journal-title":"Int. J. Inf. Technol."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"102938","DOI":"10.1016\/j.cose.2022.102938","article-title":"Attack Dynamics: An Automatic Attack Graph Generation Framework Based on System Topology, CAPEC, CWE, and CVE Databases","volume":"123","author":"Sonmez","year":"2022","journal-title":"Comput. Secur."},{"key":"ref_11","unstructured":"Sharma, G., Kumar, A., and Sharma, V. (2011). Windows operating system vulnerabilities. Int. J. Comput. Corp. Res., 1."},{"key":"ref_12","unstructured":"Niu, S., Mo, J., Zhang, Z., and Lv, Z. (June, January 31). Overview of linux vulnerabilities. Proceedings of the 2nd International Conference on Soft Computing in Information Communication Technology, Taipei, Taiwan."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"863","DOI":"10.21917\/ijct.2014.0122","article-title":"Analysis of android vulnerabilities and modern exploitation techniques","volume":"5","author":"Shewale","year":"2014","journal-title":"ICTACT J. Commun. Technol."},{"key":"ref_14","first-page":"1","article-title":"An analytical approach to assess and compare the vulnerability risk of operating systems","volume":"12","author":"Kaluarachchilage","year":"2020","journal-title":"Int. J. Comput. Netw. Inf. Secur."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"11224","DOI":"10.1109\/JIOT.2023.3252594","article-title":"Advances in IoT Security: Vulnerabilities, Enabled Criminal Services, Attacks and Countermeasures","volume":"10","author":"Siwakoti","year":"2023","journal-title":"IEEE Internet Things J."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1109\/TR.2019.2897248","article-title":"From analyzing operating system vulnerabilities to designing multiversion intrusion-tolerant architectures","volume":"69","author":"Gorbenko","year":"2019","journal-title":"IEEE Trans. Reliab."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/15\/7\/248\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T20:17:42Z","timestamp":1760127462000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/15\/7\/248"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,24]]},"references-count":16,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2023,7]]}},"alternative-id":["fi15070248"],"URL":"https:\/\/doi.org\/10.3390\/fi15070248","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,7,24]]}}}