The security engineer Microsoft products Security Response Center, Matt Miller, said many of the zero-day vulnerabilities are ineffective in new versions of Windows 10.
Miller analyzed zero-day attacks from 2015 to 2019, focusing on whether the attacks exploiting these vulnerabilities have become less common after the release of Windows 10. The report concluded that over 40% of zero-day attacks failed to affect Windows 10 from 2015 due to security measures added to the latest operating system.
At the congress BlueHat for security, which took place in February in Israel, Miller said most windows vulnerabilities are exploited as zero-days. These vulnerabilities become the target of malicious agents either before Microsoft has the opportunity to release a patch or if companies fail to fix a security issue.
According to Miller, two in three cases, the zero day attack did not work with the latest Windows 10 updates. However, the fact remains that even one in three times hackers were able to breach the "safest OS system".
A study carried out by the Ponumon Institute, 2018, showed that zero-day attacks, along with fileless attacks, were the most widespread for businesses. While a large business could create one patch soon enough, many small businesses do not have enough money to develop patches in time. And every day that passes without being repaired has financial costs for a company.
In October, a researcher discovered a zero-day vulnerability in Windows 10, which allowed attackers to delete files without the user's permission. And although Microsoft responded quickly and corrected the vulnerability of this kind attacks on a daily basis.