News

Microsoft: zero-day vulnerabilities do not usually pose a threat to newer Windows versions

Microsoft Security Response Center Specialist Matt Miller has calculated that since 2015 only 40% of exploits have been successfully used against the latest Windows versions.

The expert plans to report on this topic at the Usenix WOOT ’19 conference in August of this year.

In essence, this means that the vast majority of Windows 0-day vulnerabilities used in live attacks work only against older versions of the OS, and users who do not forget to install updates are usually protected from these problems.

According to statistics compiled by Miller, in two out of three cases, zero-day vulnerabilities did not work against the latest Windows versions due to the protection measures Microsoft developers added to their OS.

Read also: Microsoft renames Windows Defender to Microsoft Defender

To collect this statistics, the expert analyzed attempts to operate 0-day bugs between 2015 and 2019 (that is, since the release of Windows 10).

“Taking into account current statistics, this also means that attackers would have a better chance at searching for zero-days in older Windows versions, rather than looking for zero-days targeting the most recent release”, — said Matt Miller.

Matt Miller
Matt Miller

In addition, recently at the BlueHat Israel conference, Miller told that 0-day problems in Windows are most often used by attackers before Microsoft has the opportunity to release patches, or months later, after the company failed to correct the error.

Miller also reported that about 70% of all security problems that Microsoft had fixed in the last 12 years were memory-related issues.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several month after I have got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after being graduated from the school. This French educational institution was offering a brand-new cybersecurity course. After getting the master degree in cybersecurity, I've started working in as virus analyst in a little anti-malware vendor. In 2018, I've decided to start Virus Removal project. The main target of this site is to help people to deal with PC viruses of any kind.

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

Back to top button