Microsoft still struggles to keep Windows fully secure by patching security flaws and fixing bugs that would allow attackers to take control of a vulnerable system, but in many cases, the installed apps are the ones doing more harm to users of this particular platform.
Security institute AV-TEST has conducted a research for the past 10 years to determine the name of the programs making Windows insecure, finding out that both Java and Flash Player are responsible for 66 percent of all vulnerabilities in Windows systems exploited by malware.
The easiest way to prevent any attack from trying to exploit a found vulnerability is to always update to the latest version of the aforementioned two apps, but as a general recommendation, make sure you are deploying new builds for your programs as fast as possible.
“When exploits attack users' browsers, they do so with a high level of precision. Websites use the browser to access the user's system details, for example the versions of Windows, Java, Flash or other software that are currently being used,” AV-TEST explained.
“If they recognise a known susceptible version of such software, they load the corresponding exploit version and send it to attack the user’s system via drive-by download. Users who have not installed a good, secure protection software won’t even notice the exploit as it makes its way onto their system.”
After Java, Adobe Reader and Flash, other vulnerable apps that could expose Windows users are the built-in OS components created to handle WMF, ANI, and JPG formats. Internet Explorer, the Windows Help Center, Microsoft Office, and ActiveX are also responsible for many of the attacks carried out on Windows systems.
Microsoft is releasing patches for the found vulnerabilities on every second Tuesday of each month, so sometimes staying up to date with the latest security flaws in Windows software could really help you stay secure.