Microsoft Security Response Center Specialist Matt Miller has calculated that since 2015 only 40% of exploits have been successfully used against the latest Windows versions.
The expert plans to report on this topic at the Usenix WOOT ’19 conference in August of this year.In essence, this means that the vast majority of Windows 0-day vulnerabilities used in live attacks work only against older versions of the OS, and users who do not forget to install updates are usually protected from these problems.
According to statistics compiled by Miller, in two out of three cases, zero-day vulnerabilities did not work against the latest Windows versions due to the protection measures Microsoft developers added to their OS.
Read also: Microsoft renames Windows Defender to Microsoft Defender
To collect this statistics, the expert analyzed attempts to operate 0-day bugs between 2015 and 2019 (that is, since the release of Windows 10).
“Taking into account current statistics, this also means that attackers would have a better chance at searching for zero-days in older Windows versions, rather than looking for zero-days targeting the most recent release”, — said Matt Miller.
In addition, recently at the BlueHat Israel conference, Miller told that 0-day problems in Windows are most often used by attackers before Microsoft has the opportunity to release patches, or months later, after the company failed to correct the error.
Miller also reported that about 70% of all security problems that Microsoft had fixed in the last 12 years were memory-related issues.
