14 DAY TRIAL // Forced Windows updates are a concept that Microsoft doesn’t want to discuss too often, mostly because the company’s tactics have been under fire since it rolled out Windows 10 back in July 2015.
In addition to upgrading some devices to Windows 10 without users’ consent, Microsoft also decided originally to provide Windows 10 Home users with no delay options as far as updates shipped to their devices via Windows Update go.
More recently, however, Microsoft had a slight change of mind, allowing Home users to delay the updates for up to 7 days, after which their devices are automatically updated.
But when it comes to the reason for installing Windows updates when they become available, Microsoft itself proved recently that the risk of security exploits isn’t the top concern.
At the Blue Hat IL event earlier this month, data shared by Microsoft’s Security Response Center revealed that most of the cyber-attacks aimed at Windows computers aren’t based on patched exploits, but on zero days.
In other words, even if you keep your computer fully up-to-date, there’s still a chance your device could be compromised, as attackers typically rely on zero-days that haven’t been patched by Microsoft.
Installing updates when they are released: yes or no?
According to Redmond’s own data, only 2% to 3% of the patched vulnerabilities are being exploited in attacks launched 30 days after the update becomes available.
“If a vulnerability is exploited, it is most likely going to be exploited as zero day. It is now uncommon to see a non-zero-day exploit released within 30 days of a patch being available. When a vulnerability is exploited as zero day, it is most likely to first be used in a target attack. Older software versions are typically targeted by exploit,” one of the slides reads.
Of course, while these numbers appear to suggest that you can very well wait a little bit longer before installing the latest Windows security updates, users who delay patching face the risks of being targeted by one of the 3% of the attacks mentioned above.
The next Patch Tuesday cycle takes place tomorrow, so this is pretty much the best moment to take a minute and consider your next decision over Windows updates.
Via CW