Microsoft programs: There were significantly more vulnerabilities reported in Microsoft programs in 2013 compared to the previous year: the share went up from 8.4% to 15.9%. The actual vulnerability count in Microsoft programs was 192 in 2013, 128.6% higher than in 2012.
Secunia said 86% of the vulnerabilities within the top 50 software products had a patch ready to be deployed on the same day that the vulnerability was disclosed. Of the top 50 programs, there are 10 zero-day vulnerabilities actively being exploited that do not have a patch.
Secunia CTO Morten R. Stengaard said in a press statement:
"It is one thing that third-party programs are responsible for the majority of vulnerabilities on a typical PC, rather than Microsoft programs. However, another very important security factor is how easy it is to update Microsoft programs compared to third-party programs."
"Quite simply, the automation with which Microsoft security updates are made available to end users - through auto-updates, Configuration Management systems and update services - ensures that it is a reasonably simple task to protect private PCs and corporate infrastructures from the vulnerabilities discovered in Microsoft products," Stengaard added. "This is not so with the large number of third-party vendors, many of whom lack either the capabilities, resources or security focus to make security updates automatically and easily available."
So, Secunia says don't blame Microsoft if your computer is vulnerable. But in my book, you can blame Microsoft if you want to, so long as you patch ASAP and do your best to keep yourself and your machine from being hacked.
Source: Network World