Most end users, and even some IT pros, feel pretty safe if they have up-to-date anti-virus/antimalware, firewalls turned on, and complex passwords in place. This overlooks one of the biggest threats to your PC and network – poor or non-existent patching.
The vast majority of successful exploits are against unpatched machines, some 85% according to US-CERT, part of the US Department of Homeland Security.
Why is This So Bad?
While viruses can be a nuisance (and often worse) to unprotected machines, the kind of attacks aimed at unpatched machines can be far worse. These are targeted at doing real damage – stealing data, escalation of privilege, releasing bots, gaining deep entry into the network, and worse.