Skip to main content

Add as a preferred source on Google


News

Survey: Many Microsoft Patches Are Going Uninstalled

The results of an online test conducted by U.K. anti-virus firm Sophos found that more often than not, PC users don't install Microsoft's monthly patches.

The results, released on Monday, were gathered from 40 days' worth of data from a sample group of 580 PCs in corporate environments, 80 percent of which failed one or more basic security tests.

Moreover, 63 percent were found lacking at least one Microsoft patch on the OS level, the Office and application levels, or the browser and media player component levels.

Bill Emerick, Sophos' vice president of product management, said in a prepared statement, "Machines that fail such a test represent 'low-hanging fruit' for cybercriminals and [are] a real danger to their corporate networks."

But according to Randy Abrams, director of technical education for IT consultancy ESET, these reports can sometimes be like "two blind men, touching different parts of an elephant. [They] may get the same results, but it doesn't cover the whole body."

"I think we have to remember that the sample sets and control groups in tests like these need to be taken into consideration," said Abrams, himself a former Microsoft security pro. "That said, we don't need a survey to tell us that people are lax about patching their systems. I think the evidence of that is that there are far fewer zero-day or new patches than there are those that are responding to a direct set of vulnerabilities."

There are several reasons for IT pros and even individual users to delay, or altogether skip, patching their systems -- one being the fact that not every patch may apply to them.

Many enterprises also hold off patching to evaluate the cost, or to avoid either re-patching or seeing their particularly tailored systems block the patches.

There's also some lingering resistance to Automatic Updates for Microsoft patches, Abrams explained. "In these cases, the systems sometimes reboot...while you're away to automatically install the patches," he said. "I think this was a case with a good intention and bad implementation on Microsoft's part."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

comments powered by Disqus

Featured

  • VS Code 1.123 Adds Agent Session Sync, 1M Context Windows

    Microsoft released Visual Studio Code 1.123 on June 3, adding agent-focused features, larger model context support, integrated browser updates and a new delay for some automatic extension updates.

  • Copilot Billing Shock Hits Developers

    Developer complaints about GitHub Copilot's new usage-based billing model have centered on unexpectedly rapid AI credit consumption, and neither GitHub nor Microsoft has responded directly to the backlash, though they have previously published guidance to lessen model usage costs.

  • Hands On with GitHub Copilot App Technical Preview: Turning a Blazor Issue into a PR

    GitHub's brand-new Copilot desktop app, in technical preview, handled a small Blazor issue from planning through pull request creation, but the hands-on test also showed why developers still need to verify agent work in the running app before merging.

  • At Build 2026, Microsoft Sets Up Windows as an OS for AI Agents

    Microsoft's Build 2026 Windows developer announcements point to a broader platform strategy for agentic AI, spanning terminal workflows, local models, app-building skills, Cloud PCs and operating system-level containment.

Most   Popular

Subscribe on YouTube