A so-called zero-day exploit is a software vulnerability that cybercriminals are aware of before a patch is published. It is customary for people who discover zero-day exploits (so-called “white hat” hackers) to report them to software developers. However, these are often sold on the black market to malware creators instead (black hat hackers are responsible for this). That’s the introduction.
Matt Miller, one of the Microsoft Security Response Center engineers, shared statistics on attacks on Windows 10 using zero-day exploits. In most cases these prove ineffective against the latest version of Windows.
According to statistics released today, only 38% of all vulnerabilities of this type were successfully exploited against the latest versions of Windows from 2015 to 2019. This means that more than 2/3 of attacks work only against versions of Windows older than the current one.
According to Miller, all of this means that most attacks using zero-day vulnerabilities target Windows users running outdated software. Interestingly, as many as 70% of all security-related system bugs detected in the last 12 years were related to memory management.
Is the above data a surprise? It seems to us that the answer is no for the large group of people who know that installing system updates on a regular basis is the only effective way to defend against numerous vulnerabilities in software. However, there is also a large group of people who delay or even disable updates. Is that worth doing in the face of numerous threats?
Still, let us not forget that Microsoft is known for various mishaps related to shortcomings in the updates released for Windows 10.