Microsoft examined infections reported by their Malicious Software Removal Tool (MSRT) Less than 1 percent of infections reported came from zero-day vulnerabilities, 0.12 percent to be exact. The remaining infections were propagated through social engineering, AutoRun exploitation, file infection and password attacks. The report suggests patch management is key going forward going forward. Ninety percent of the recorded attacks are listed as Update Long Available, according to the general manager of Microsoft s Malware Protection Center (MMPC)
Source: https://threatpost.com/zero-day-flaws-overvalued-says-new-microsoft-report-101111/75737/