- The report by Kenna Security displays the comparative risk surface of devices based on the OS being used.
- Comparing the number of vulnerabilities found on Microsoft devices with Apple, Unix, and Linux, and how much of these are patched by Microsoft.
- Microsoft is fixing those vulnerabilities in the shortest possible period.
The new report published by Kenna security, found that most devices have vulnerabilities whether they are using operating system from Apple, Microsoft, Linux, Unix or other IoT and network devices. Notably, Windows 10 contained more number of vulnerabilities as compared to others.
Kenna Security studied the number of vulnerabilities in nine million devices across 450 organizations and found that more than 50% of those organizations used 85% or more devices operating on Windows 10. Microsoft machines contained 215 million vulnerabilities out of which 179 million have been fixed by Microsoft and 36 million are still unpatched.
These 36 million vulnerabilities are still more than the number of patched and unpatched vulnerabilities found in Linux, Mac, Unix, and network devices combined. Windows 10 PCs specifically contained 14 open vulnerabilities with acknowledged exploits on average.
The good news is that Microsoft fixes these vulnerabilities quickly as compared to network devices. 199 vulnerabilities were found in Microsoft devices each month on average and were fixed within 36 days on average while network devices found 3.6 vulnerabilities on average and it took them 369 days on average to dispatch those vulnerabilities.
Wade Baker, partner, and founder at Cyentia Institute independently performed data analysis of Kenna Security’s report and said that the speed at which Microsoft dispatched those vulnerabilities while using the automated patching and Patch Tuesdays is remarkable. Baker warned that devices like wifi routers and printers contain high vulnerability risk and suggested the companies to form their vulnerability management policies around these trade-offs. The CTO at Kenna Security, Ed Bellis stated that the report shared by Kenna Security will help organizations to better calculate vulnerability risk based on their assets in their specific circumstances.
In the end, we can say that it all depends on your vulnerability risk tolerance and awareness about the strengths and deficiencies of respective platforms. Microsoft machines may have significant vulnerabilities risk but they are dispatching those vulnerabilities in the shortest possible period reducing the attack surface swiftly.
Read next: Report Highlights 100+ Malicious Android Apps And Shady Developers Behind Them