Security expert reveals that Microsoft is releasing fewer security updates

Jun 11, 2014 09:27 GMT
Microsoft has significantly improved security in Windows with recent updates

Critics often refer to Windows as a very vulnerable operating system, largely because the majority of attacks are launched against users running Microsoft's flagship operating system.

While it's pretty obvious that the bigger the market share, the more attacks are launched at a specific platform, security experts point to the number of security updates rolled out in the last few years as living proof that Windows security has significantly improved lately.

Last year, for example, Microsoft rolled out no fewer than 46 security updates in the first months, while this year the number has dropped to 36. This is because the company has managed to fix the biggest security issues found in the software, so only a handful of glitches remain in Windows, Office, Internet Explorer or any other product in its lineup.

“We have become accustomed to see around 100 security bulletins for Microsoft products a year, but it looks as if we are in for fewer this year. This runs counter to the general tendency of the year which has already seen its shares of big breaches, 0-days and the big Heartbleed vulnerability in OpenSSL,” Qualys CTO Wolfgang Kandek explained today.

“Maybe the reduced count is based on the increased presence of vulnerability brokers that buy up vulnerabilities for internal use? We will see how the second part of the year develops.”

This month alone, the company rolled out a total of 7 different security bulletins, two rated as critical and five considered to be important. However, the number of fixed vulnerabilities is a lot bigger, as the company found a total of 66 security flaws in its software, 59 of them in Internet Explorer alone.

Of course, today's Patch Tuesday cycle does not include any fixes for Windows XP, the OS version that has not received updates and security improvements since April 8, 2014.

As a result, security experts are recommending that XP users upgrade as soon as possible in order to make sure that they are fully secure, especially because most of the bugs patched today also exist in the unsupported version of Windows.

“For Windows XP users: The majority of these vulnerabilities apply to your operating system, including remote code execution against IE (MS14-035), Word (MS14-034) and GDI+ (MS14-036). You should update or replace all XP machines with supported versions urgently,” Kandek pointed out in an advisory this morning, emphasizing that the security risks of staying on Windows XP are increasing.