A study presented at the Bluehat Security Conference showed that continuous security improvements in Windows have yielded benefits.Hackers'Vulnerability Attacks on Windows Reduce Effectively。
Microsoft security engineers say that if vulnerabilities are exploited, they are more likely to be used for 0-day vulnerability attacks, and the widespread use of large-scale security vulnerabilities for Microsoft users is not common.
Although the data show that there are more known vulnerabilities in Microsoft products, these vulnerabilities are rarely exploited by hackers to attack unprocessed PCs within 30 days.
This shows that Microsoft's security department work has played a role, and Microsoft's security functions such as DEP, ASLR and improved sandbox work well. Over the past few years, only 2% to 3% of all vulnerabilities have been exploited within 30 days of patches being distributed on Windows, and non-zero-day vulnerabilities released during this period are now uncommon.
These also provide a basis for the argument that there is little possibility of malicious software attacks by delaying Windows patches for 30 days.