News

Many Microsoft Patches Are Going Uninstalled

The results of an online test conducted by U.K. anti-virus firm Sophos found that more often than not, PC users don't install Microsoft's monthly patches.

The results of an online test conducted by U.K. anti-virus firm Sophos found that more often than not, PC users don't install Microsoft's monthly patches.

The results, released on Monday, were gathered from 40 days' worth of data from a sample group of 580 PCs in corporate environments, 80 percent of which failed one or more basic security tests.

Moreover, 63 percent were found lacking at least one Microsoft patch on the OS level, the Office and application levels, or the browser and media player component levels.

Bill Emerick, Sophos' vice president of product management, said in a prepared statement, "Machines that fail such a test represent 'low-hanging fruit' for cybercriminals and [are] a real danger to their corporate networks."

But according to Randy Abrams, director of technical education for IT consultancy ESET, these reports can sometimes be like "two blind men, touching different parts of an elephant. [They] may get the same results, but it doesn't cover the whole body."

"I think we have to remember that the sample sets and control groups in tests like these need to be taken into consideration," said Abrams, himself a former Microsoft security pro. "That said, we don't need a survey to tell us that people are lax about patching their systems. I think the evidence of that is that there are far fewer zero-day or new patches than there are those that are responding to a direct set of vulnerabilities."

There are several reasons for IT pros and even individual users to delay, or altogether skip, patching their systems -- one being the fact that not every patch may apply to them.

Many enterprises also hold off patching to evaluate the cost, or to avoid either re-patching or seeing their particularly tailored systems block the patches.

There's also some lingering resistance to Automatic Updates for Microsoft patches, Abrams explained. "In these cases, the systems sometimes reboot...while you're away to automatically install the patches," he said. "I think this was a case with a good intention and bad implementation on Microsoft's part."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • What's Behind Microsoft's Sudden Teams Push?

    As Skype for Business slowly gets phased out and Slack's enterprise dominance becomes less of a sure thing, the time is right for Microsoft to focus its marketing energies on its upstart collaboration tool.

  • Microsoft Releases PowerShell 7 Preview 3

    Microsoft announced on Wednesday that the PowerShell 7 Preview 3 scripting solution is now available.

  • SQL Server 2019 Release Candidate Now Available

    Microsoft on Wednesday announced the release of SQL Server 2019 release candidate (RC).

  • Confidential Computing Consortium Formed To Protect Processed Data

    A new Confidential Computing Consortium was announced on Wednesday by the Linux Foundation to boost the security of processed data.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.