Nearly all the rest happen because the mealy-mouthed, weak-willed customer has failed to live up to his or her responsibility by making sure all the patches available for all the software he or she uses are installed immediately, installed correctly and are functioning properly within the machine they operate only at the will of, and by license from, Microsoft, which still owns the software and can take it back at any time, you betcha, especially if you act ungrateful and talk back to it and get all demanding.
Not to put too fine a point on it, customers are irresponsible and out of luck if they don't spend all their time making sure all the patches are installed and that they weren't infected by malware because they continued to work – connected to the Internet – while their patches downloaded and their antivirus was turned off because the patches won't install correctly with the A/V on.
Microsoft wastes little time acknowledging that the coterie of security flaws and outright gaffes in its own products have contributed heftily to the tenuous security position of the average network-connected PC.
It spares few words discussing the promiscuous behavior of its browsers and security software, drivers, databases and an application environment that, until the most recent versions, invited any executable that dropped in to go straight to Ring 0 and do what it liked with whatever it found there.
It made little mention of a flow of patches and updates so heavy it had to cut back to the weekly Patch Tuesday holiday, like Santa Claus reluctantly deciding he could only deliver toys on Christmas, not every night of the year.
It doesn't mention the productivity cost of having both IT people and end users continually downloading, testing, installing and recovering from installation problems involving patches, antivirus and malware.
It points out – quite correctly and with fully detailed research to back up its point – that most malware attacks would not succeed if its customers were more conscientious about the way they maintained Microsoft's software – which it can still take back if you sass it, don't forget.
And this from a company that, even in its newish 'secure' phase, patched 22 "consistently exploitable" and two "critical" flaws in IE, Silverlight, .NET and other Windows add-ons so far this month. That's not a lot, is it?