Why patching just your Microsoft software means you might be missing 76% of vulnerabilities.
Most people have realised that vulnerability patching is important. It’s the only way to secure your organisation by eliminating the vulnerabilities that weren’t caught in the development process.
But we’re all pushed for time. We’re all juggling hundreds of different things. So it’s no surprise that we focus our attention on the software we perceive to pose the biggest risk.
For many, that’s Microsoft Windows and those popular Microsoft applications. But while regularly patching your first-party software provides excellent security, it’s only part of the picture.
And the rest of your IT is left exposed.
Microsoft vulnerabilities are a small part of the picture
Microsoft software is everywhere, a critical component of modern business. So it’s understandable that, for you, it’s considered a patching priority.
But the reality is that Microsoft vulnerabilities only make up a small part of the overall security landscape.
The Flexera Vulnerability Review 2017 showed that, in 2016:
- 17,147 application vulnerabilities were discovered
- They spanned 2,136 products
- Those products came from 246 different vendors
That means that – even if you’re regularly patching your Microsoft software – you’re missing 76% of vulnerabilities.
In other words, your exposure to attack remains huge.
The priorities of attackers
This data tells us that the priorities of the attackers who exploit application vulnerabilities don’t match our own. Of course, our own priorities are precisely the reason why.
It’s because Microsoft applications are everywhere that many of us patch them regularly. And it’s because they are patched so regularly that attackers target third-party applications.
They attack where infrastructures are likely to be weakest. So it’s essential that you take steps to secure your non-Microsoft software, too.
An integrated approach to Microsoft and third-party patching
79% of the vulnerabilities discovered in 2013 had patches available on the day of disclosure. But the time-consuming, resource-intensive nature of monitoring and patching third-party applications leaves networks insecure – even where patches are ready to deploy.