We released the latest volume of the Microsoft Security Intelligence Report last week. The latest data on how different versions of the Windows operating system are mitigating modern malware attacks suggests that newer versions are performing better than older versions.
The figure below illustrates the malware infection rates for Windows client and server operating systems in the third and fourth quarters of 2014, based on data from hundreds of millions of systems worldwide. This data is normalized, meaning the infection rate for each version of Windows is calculated by comparing an equal number of computers per version. For example, comparing 1,000 Windows Vista Service Pack 2 (SP2) based systems to 1,000 Windows 8.1 based systems in the fourth quarter of 2014, we can see 5.2 Windows Vista based systems infected with malware compared to 1.3 Windows 8.1 based systems. In percentage terms, that's equivalent to 0.52% of Windows Vista based systems (5.2/1,000*100 = 0.52) compared to 0.13% of Windows 8.1 based systems (1.3/1,000*100 = 0.13) infected with malware.
Figure: Infection rate by client and server operating system in the third and fourth quarters of 2014 (3Q14/4Q14)
The newest versions of both Windows client and server operating systems had the lowest malware infection rates during the period, by a large margin.
Some of the CISOs and IT professionals I talk to use this operating system infection rate data to help make a business case for upgrading to newer, more secure software or deploying more secure service packs for their current platforms. As you can see from the latest data, newer is better across the board.
You can download this data in volume 18 of the Microsoft Security Intelligence Report at http://microsoft.com/sir.
Tim Rains, Chief Security Advisor, Worldwide Cybersecurity & Data Protection