14 DAY TRIAL // Microsoft rolled out a total of 13 security updates as part of this month’s Patch Tuesday cycle, but while the company is very effective in patching flaws found these days, statistics show that the number of vulnerabilities found in Windows and the other Microsoft software is growing.
Data offered by security company Qualys indicates that Microsoft has provided us with a record number of patches in 2015, as the total count for the year has already reached 53. And we’re only in May, with forecasts estimating that, by December, the company should release approximately 140 patches.
As you can see in the graph above, the number of patches that Microsoft rolled out last year dropped significantly from 2013, but this year’s figures are already the biggest in the last six years, at least until May.
So the big question right now is why so many vulnerabilities were discovered in just 5 months. Is Windows less secure or are hackers and security researchers more active and more effective in finding flaws?
Windows, IE, and Flash are hackers’ preferred targets
An analysis made by Qualys reveals that Windows, Internet Explorer, and Adobe’s Flash Player continue to be the preferred targets for hackers, so no less than 5 percent of the found remote code execution vulnerabilities are said to be having working exploits. So it all comes down to Microsoft and how fast it reacts to patching flaws in its software.
“Attackers have at their disposal a number of exploits for a diverse set of vulnerabilities to adapt to the target’s machine. It is safe to say that their favorite attack vectors include Internet Explorer, native Windows vulnerabilities and Adobe Flash, which all receive monthly updates publishing upwards of 20 CVEs per month. You should be prepared to install these updates as quickly as possible,” the analysis reads.
What’s more, 50 percent of the new flaws are being exploited in the first two weeks after they are discovered, so it’s essential for Microsoft to patch them as soon as possible.
In the end, it’s hard to provide you with an accurate answer to this question, but the most important thing here is for Microsoft to react as fast as possible. And with Windows 10, Microsoft promises to make no mistake in this because of the new Windows as a Service approach.