Sophoss free Endpoint Assessment Test has scanned Windows computers on thousands of different business networks over the last year. The most common missing patch on Windows computers is an operating system vulnerability fix, followed by patches for Microsoft Office:. The test was only run on Windows, but end users can be missing patches from one of more categories, and that the test was run on the Windows computers. The results were made by the results from Sophos’s free Endpoints Assessment Test* which has been run by companies running the test.”]
Source: https://grahamcluley.com/ten-work-pcs-fail-basic-security/

