Microsoft has more vulnerabilities than Linux and MacOS

Kenna Security and the Cyentia Institute have released a new report which studies the risk profile of Microsoft, Linux, and Mac assets.

Cyentia Research Institute wrote the “Prioritization to Prediction, Volume 5: In Search of Assets at Risk” report, which is based on Kenna Security’s data of 9 million assets from 450 organizations.

The report points out that 70% of Microsoft assets have at least one high-risk vulnerability. During the entire study period, researchers discovered a total of 215 million vulnerabilities in Microsoft assets, including 179 million vulnerabilities that have been fixed, accounting for 83%. According to Kenna Security, the remaining 36 million unpatched vulnerabilities are higher than the combined assets of Max, Linux, and Unix.

Microsoft also has the highest percentage of closed high-risk vulnerabilities, at 83%. It is closely followed by Apple OSX, followed by Linux/Unix and network devices/IoT devices. In addition, 40% of Linux and Unix assets and 30% of network devices have known vulnerabilities.

However, Kenna Security also pointed out that fewer vulnerabilities do not necessarily mean that the device is more secure. In a world where a single high-risk vulnerability may have catastrophic consequences, effective patch priority and speed are critical to security, regardless of device or software type.

Although Microsoft has more vulnerabilities than other vulnerabilities, this does not necessarily mean that it has a total risk, because Microsoft can also fix vulnerabilities faster. The report found that Windows-based assets have an average of 119 vulnerabilities every month, and these vulnerabilities are patched on average every 36 days. Compared with this, network equipment has an average of only 3.6 vulnerabilities per month, but these vulnerabilities take approximately one year to complete the patch.

Apple’s patch rate is second-highest at 79%. The patch rate of Linux, Unix, and other network devices is 66%.