There has been quite a bit of commotion over forced Windows updates ever since Microsoft outlined this strategy around the launch of Windows 10 on that fine July day in 2015.
And ironically, it only took the company some three years to prove it doesn’t make sense.
The software titan originally decided against providing Windows 10 Home users with an option to delay updates that are shipped to their devices. Many took it as a sign that this was due to security reasons, and keeping the userbase up-to-date was a priority.
More recently, the company has had a slight change of heart and now allows Home users to delay updates for 7 days, after which their devices are automatically updated.
And now the company has itself proved that the risk of security exploits isn’t the top concern.
At the BlueHat IL event earlier this month, the Microsoft Security Response Center shared new data revealing that most of the cyberattacks aimed at Windows computers are not based on patched exploits, but on zero-day flaws.
0-day, as some like to call them.
“If a vulnerability is exploited, it is most likely going to be exploited as zero day. It is now uncommon to see a non-zero-day exploit released within 30 days of a patch being available. When a vulnerability is exploited as zero day, it is most likely to first be used in a targeted attack. Older software versions are typically targeted by exploits.”
What this means is that even if you keep your computers fully up to date, there is still a chance that your device will get compromised by attackers that rely on these new vulnerabilities that are yet to be patched by Microsoft.
The data suggests that only 2% to 3% of the patched vulnerabilities are being exploited in attacks that are launched 30 days after an update becomes available.
Who could tell!