If software vulnerabilities were the new it bleeds it leads, news organizations would report on little else.
Still, you have to credit The Hacker News with a great graphic for Google Discloses Windows Vulnerability That Microsoft Fails To Patch, Again! by Swati Khandelwal.
Microsoft is once again facing embarrassment for not patching a vulnerability on time.
Yes, Google’s Project Zero team has once again publicly disclosed a vulnerability (with POC exploit) affecting Microsoft’s Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10 that had yet to be patched.
… (emphasis in original)
The Google report is more immediately useful but far less amusing that this post by Swati Khandelwal.
Swati reports that without an emergency patch from Microsoft this month, attackers have almost 30 days to exploit this vulnerability.
No rush considering the Verizon 2016 Data Breach Investigations Report shows hacks known since before 1999 are still viable:
Taking that into account, plus the layering of insecure software on top of insecure software strategy of most potential targets:
…
According to the Cisco 2017 Security Capabilities Benchmark Study, most companies use more than five security vendors and more than five security products in their environment. Fifty-five percent of the security professionals use at least six vendors; 45 percent use anywhere from one to five vendors; and 65 percent use six or more products.
… (Cisco 2017 Annual Cybersecurity Report, page 5)
Small targets could be more secure by going bare and pointing potential attackers to bank, competitor and finance targets with a BetterTargetsREADME file. (Warning: That is an untested suggestion.)