What I'm wondering these days is why Microsoft allows IE to be so unpatched all the time? IE is to most people is Microsoft. It is the face of Microsoft's security efforts. Forget the billions of dollars spent on security over the last few years. Forget the incredible successes of IIS 6, W2K3, XP SP2, SQL, and a hundred other products. IE gets exploited monthly. Currently 23 of the 93 vulnerabilities remain unpa What I’m wondering these days is why Microsoft allows IE to be so unpatched all the time?IE is to most people is Microsoft. It is the face of Microsoft’s security efforts. Forget the billions of dollars spent on security over the last few years. Forget the incredible successes of IIS 6, W2K3, XP SP2, SQL, and a hundred other products. IE gets exploited monthly. Currently 23 of the 93 vulnerabilities remain unpatched (according to www.secunia.com). That percentage hasn’t changed much over the years. It is the one fact that I cannot dispute with critics. I have to shutup and just acknowledge it. No other browser has similar statistics.True, most unpatched vulnerabilities are non-critical. But a few are somewhat concerning, even though they are ranked un-important by Microsoft.If IE is the face of Microsoft to most people, and especially to its critics, I constantly wonder why Microsoft doesn’t make better efforts to secure IE? Forget the idea of somehow making it more secure by default, I’m talking about fixing more known holes quicker. I can only assume that IE’s product managers have made a cognitive decision to accept 25% outstanding vulnerabilities as a reasonable benchmark and risk-analysis cost benefit. A Microsoft effort to be more timely overall on IE vulnerabilities of all types would do much to further Microsoft’s growing security reputation. And I’ve somewhat given up having IE 7 being the pancea as most of the recent exploits work in IE 7 as well as they do in IE 6.Just hoping one day. Related content analysis The 5 types of cyber attack you're most likely to face Don't be distracted by the exploit of the week. Invest your time and money defending against the threats you're apt to confront By Roger Grimes Aug 21, 2017 7 mins Phishing Malware Social Engineering analysis 'Jump boxes' and SAWs improve security, if you set them up right Organizations consistently and reliably using one or both of these approaches have far less risk than those that do not. By Roger Grimes Jul 26, 2017 13 mins Authentication Access Control Data and Information Security analysis Attention, 'red team' hackers: Stay on target You hire elite hackers to break your defenses and expose vulnerabilities -- not to be distracted by the pursuit of obscure flaws By Roger Grimes Dec 08, 2015 4 mins Hacking Data and Information Security Network Security analysis 4 do's and don'ts for safer holiday computing It's the season for scams, hacks, and malware attacks. But contrary to what you've heard, you can avoid being a victim pretty easily By Roger Grimes Dec 01, 2015 4 mins Phishing Malware Patch Management Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe