Global investigation reveals security weaknesses in Windows assets

An investigation sifted through 2.5 million vulnerabilities in customer IT assets, finding that 52% of severe vulnerabilities related to Windows 10. By scanning a range of assets including network devices, web servers and internal systems, It is noted that the number of critical vulnerabilities has decreased compared to last year, a sign of greater attention in responding to security reports. Windows vulnerabilities, including those related to third-party software, are more important than other platforms such as Linux systems.

Threat severity classification

The distribution of vulnerability severities shows that 79% fall into the “High” or “Medium” categories. However, the focus is on the 50.4% that pose serious risks (“Critical” or “High”). 78% of these are resolved within the first 30 days of discovery, but aging remnants remain problematic, with approximately 35% of vulnerabilities reported older than 120 days.

Sectoral comparison of vulnerabilities

By applying the NAICS classification to the data, we observe how different sectors show disparities. The construction industry stands out for its excellent management with only 12.12 reports per asset, unlike the extractive industry which highlights 76.25 problems per asset. Public Administrations surprisingly outperform the Finance and Insurance sector in efficiency, showing fewer vulnerabilities per asset despite a greater quantity of resources.

Effectiveness of the penetration test

Penetration testing plays a key role in threat management, simulating cyber attacks to detect and prioritize vulnerabilities. Our teams of ethical hackers, in this panorama, have underlined that 17.67% of discoveries are considered serious. This witness activity should be seen as an important proactive defense tool for companies to implement to strengthen their cybersecurity.