
We Scanned 115,000 Endpoints for Security Vulnerabilities: Here's What We Found (And Why It Should Worry You)

October 31, 2025

For Cybersecurity Awareness Month, we ran security vulnerability reports across our customer base. The findings aren't just concerning. They're a wake-up call for IT leaders, sysadmins and network admins everywhere.

Across 182 active customer sites, we inventoried 115,259 endpoints. What we discovered should make every CISO pause their next meeting.

The Numbers Don't Lie

62% of endpoints—71,120 devices—had at least one piece of software with a high or critical vulnerability.

These are serious exposures: vulnerabilities with a Common Vulnerability Scoring System (CVSS) base score of 7.0 or higher, where High covers 7.0-8.9 and Critical covers 9.0-10.0. One caveat for anyone prioritizing the patch queue: a CVSS base score measures technical severity, not whether anyone is actually exploiting the flaw. Cross-reference these findings against CISA's Known Exploited Vulnerabilities catalog (and EPSS, if you use it) so that the high-severity flaws with public exploits get patched first.

Nearly two-thirds of inventoried endpoints carry at least one known, serious weakness. These vulnerable devices were spread across 157 of the 182 customer sites, meaning only 25 sites had a completely clean bill of health.

But here's what makes this data particularly alarming: the timing.

Perfect Storm: Windows 10 EOL Meets Active Exploitation

On October 14, 2025, Microsoft officially ended support for Windows 10. Unless a device is enrolled in Microsoft's Extended Security Updates (ESU) program, or is running an LTSC edition on its own lifecycle, it gets no more security patches and no more fixes for newly discovered flaws. Just permanent exposure to an expanding attack surface.

Our data reveals more than 40% of inventoried Windows workstations are now running unsupported versions of Windows, including 26,730 devices on Windows 10 that crossed into unsupported territory two weeks ago.

The breakdown is stark:

  • 26,730 workstations running Windows 10 (now officially out-of-support)
  • 1,361 workstations running unsupported versions of Windows 11
  • 298 devices still on Windows 7
  • 3 devices on Windows 8.1
  • And yes, one device still running Windows Vista (extended support for Vista ended in April 2017!)

These aren't just statistics. They're unlocked doors in your security perimeter.
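The breakdown above is the output of an inventory. As an added example that is not part of the original post or of Block 64's tooling, here is a PowerShell script that produces the same classification for a list of Windows hosts, keyed on build number and product type so that client and server builds that share a number (7601 is both Windows 7 SP1 and Server 2008 R2) are not confused. Every end-of-support date in its lifecycle table is an assumption entered for illustration and must be verified against Microsoft's product lifecycle pages before you act on the output; the script also assumes CIM/WinRM access to each host named in `$Hosts`.

```powershell
# Added example (not Block 64's code). Classifies Windows hosts by support status
# from Win32_OperatingSystem, so the EOL breakdown above can be reproduced locally.
# ASSUMPTION: every date below is a lifecycle value entered for illustration;
# verify each one against Microsoft's product lifecycle pages before relying on it.
# Assumes CIM/WinRM access to each host named in $Hosts.

param(
    [string[]] $Hosts = @($env:COMPUTERNAME),   # hosts to inventory (local machine by default)
    [datetime] $AsOf  = (Get-Date)               # evaluate support status as of this date
)

# Client builds (Home/Pro/Enterprise, non-LTSC). For clients, mainstream and extended
# support end on the same day. A Windows 10 host enrolled in ESU still grades as
# "Out of support" here; ESU enrollment has to be checked separately.
$ClientLifecycle = @{
    6002  = @{ Name = 'Windows Vista SP2'; MainstreamEnd = [datetime]'2017-04-11'; ExtendedEnd = [datetime]'2017-04-11' }
    7601  = @{ Name = 'Windows 7 SP1';     MainstreamEnd = [datetime]'2020-01-14'; ExtendedEnd = [datetime]'2020-01-14' }
    9600  = @{ Name = 'Windows 8.1';       MainstreamEnd = [datetime]'2023-01-10'; ExtendedEnd = [datetime]'2023-01-10' }
    19045 = @{ Name = 'Windows 10 22H2';   MainstreamEnd = [datetime]'2025-10-14'; ExtendedEnd = [datetime]'2025-10-14' }
    22000 = @{ Name = 'Windows 11 21H2';   MainstreamEnd = [datetime]'2023-10-10'; ExtendedEnd = [datetime]'2023-10-10' }
    22621 = @{ Name = 'Windows 11 22H2';   MainstreamEnd = [datetime]'2024-10-08'; ExtendedEnd = [datetime]'2024-10-08' }
    22631 = @{ Name = 'Windows 11 23H2';   MainstreamEnd = [datetime]'2025-11-11'; ExtendedEnd = [datetime]'2025-11-11' }
    26100 = @{ Name = 'Windows 11 24H2';   MainstreamEnd = [datetime]'2026-10-13'; ExtendedEnd = [datetime]'2026-10-13' }
}

# Server builds share numbers with client builds, so they live in their own table
# and are selected by ProductType. "Extended support only" = past mainstream end.
$ServerLifecycle = @{
    7601  = @{ Name = 'Windows Server 2008 R2'; MainstreamEnd = [datetime]'2015-01-13'; ExtendedEnd = [datetime]'2020-01-14' }
    9600  = @{ Name = 'Windows Server 2012 R2'; MainstreamEnd = [datetime]'2018-10-09'; ExtendedEnd = [datetime]'2023-10-10' }
    14393 = @{ Name = 'Windows Server 2016';    MainstreamEnd = [datetime]'2022-01-11'; ExtendedEnd = [datetime]'2027-01-12' }
    17763 = @{ Name = 'Windows Server 2019';    MainstreamEnd = [datetime]'2024-01-09'; ExtendedEnd = [datetime]'2029-01-09' }
    20348 = @{ Name = 'Windows Server 2022';    MainstreamEnd = [datetime]'2026-10-13'; ExtendedEnd = [datetime]'2031-10-14' }
    26100 = @{ Name = 'Windows Server 2025';    MainstreamEnd = [datetime]'2029-10-09'; ExtendedEnd = [datetime]'2034-10-09' }
}

function Get-SupportStatus {
    param([int]$Build, [int]$ProductType, [string]$Caption, [datetime]$AsOf)

    # LTSC/LTSB editions follow their own lifecycle; do not grade them from the build alone.
    if ($Caption -match 'LTSC|LTSB') { return 'LTSC (separate lifecycle, check manually)' }

    # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server
    $table = if ($ProductType -eq 1) { $ClientLifecycle } else { $ServerLifecycle }
    if (-not $table.ContainsKey($Build)) { return "Unknown build $Build (check lifecycle)" }

    $entry = $table[$Build]
    if ($AsOf -gt $entry.ExtendedEnd)   { return 'Out of support' }
    if ($AsOf -gt $entry.MainstreamEnd) { return 'Extended support only' }
    return 'Supported'
}

$results = foreach ($h in $Hosts) {
    $cimArgs = @{ ClassName = 'Win32_OperatingSystem'; ErrorAction = 'Stop' }
    if ($h -ne $env:COMPUTERNAME) { $cimArgs.ComputerName = $h }
    try {
        $os = Get-CimInstance @cimArgs
    } catch {
        # An unreachable host is a finding in itself: you cannot patch what you cannot see.
        [pscustomobject]@{ Host = $h; OS = '(unreachable)'; Build = $null; Status = 'Not inventoried'; LastBoot = $null }
        continue
    }
    $build = [int]$os.BuildNumber
    [pscustomobject]@{
        Host     = $h
        OS       = $os.Caption
        Build    = $build
        Status   = Get-SupportStatus -Build $build -ProductType $os.ProductType -Caption $os.Caption -AsOf $AsOf
        LastBoot = $os.LastBootUpTime
    }
}

$results | Sort-Object Status, Host | Format-Table -AutoSize
''
'Summary by status:'
$results | Group-Object Status | Sort-Object Count -Descending | Format-Table Name, Count -AutoSize
```

Feed it the hostnames from Active Directory (for example `(Get-ADComputer -Filter *).Name`) and the summary table gives you the same "out of support / extended only / supported" split the post reports, plus a "Not inventoried" bucket for the hosts your scan could not reach, which is the visibility gap the post is warning about.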

When Patch Management Becomes a Weapon

The stakes became even clearer on October 24, 2025, when CISA added CVE-2025-59287 to its Known Exploited Vulnerabilities catalog. This critical vulnerability in Windows Server Update Services (WSUS) allows unauthenticated attackers to achieve remote code execution with system-level privileges. Only hosts with the WSUS server role installed are exposed, but a foothold there gives an attacker a SYSTEM-level position on a server that every Windows host in the estate already talks to.

Our data shows the magnitude of server exposure:

  • 2,358 Windows servers are entirely out-of-support
  • 13,608 Windows servers are only receiving extended support
  • 641 SQL servers are completely out-of-support, with another 1,851 receiving only security or extended security updates

These aren't edge cases. These are mission-critical infrastructure components running on borrowed time.
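Scoping the WSUS exposure above starts with knowing which servers actually run the role. The following PowerShell, an added example rather than code from the original post or from Block 64, asks each server in `$Servers` for the WSUS role and service, whether the default WSUS ports (8530 HTTP, 8531 HTTPS) are listening, and the newest installed hotfix. It does not test for CVE-2025-59287 itself; it assumes WinRM access to the targets and the ServerManager module on the Server SKUs among them.

```powershell
# Added example (not Block 64's code). Scopes WSUS exposure across a server list:
# which hosts carry the role, whether the service is running, whether the default
# WSUS ports (8530 HTTP / 8531 HTTPS) are listening, and the newest installed hotfix.
# It does NOT test CVE-2025-59287; compare the hotfix data against the vendor advisory.
# Assumes WinRM (Invoke-Command) access to every host in $Servers.

param([string[]] $Servers = @($env:COMPUTERNAME))

$probe = {
    # Get-WindowsFeature exists only on Server SKUs (ServerManager module); guard for clients.
    $feature = if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        Get-WindowsFeature -Name UpdateServices -ErrorAction SilentlyContinue
    }
    $svc   = Get-Service -Name WsusService -ErrorAction SilentlyContinue
    $ports = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
             Where-Object { $_.LocalPort -in @(8530, 8531) } |
             Select-Object -ExpandProperty LocalPort -Unique
    $os      = Get-CimInstance -ClassName Win32_OperatingSystem
    $lastFix = Get-HotFix | Where-Object InstalledOn |
               Sort-Object InstalledOn -Descending | Select-Object -First 1

    [pscustomobject]@{
        Host           = $env:COMPUTERNAME
        OS             = $os.Caption
        Build          = $os.BuildNumber
        WsusRole       = [bool]($feature -and $feature.Installed)
        WsusService    = if ($svc) { $svc.Status.ToString() } else { 'absent' }
        ListeningPorts = ($ports -join ',')
        LastHotfix     = $lastFix.HotFixID
        LastHotfixDate = $lastFix.InstalledOn
    }
}

# Unreachable hosts produce a non-terminating error and are left out of $report;
# review those separately, since "could not check" is not the same as "not exposed".
$report  = Invoke-Command -ComputerName $Servers -ScriptBlock $probe -ErrorAction Continue
$exposed = $report | Where-Object { $_.WsusRole -or $_.ListeningPorts }

'Hosts with the WSUS role installed or WSUS ports open (verify the CVE-2025-59287 fix on each):'
$exposed | Format-Table Host, OS, Build, WsusService, ListeningPorts, LastHotfix, LastHotfixDate -AutoSize
```

A host that shows the ports listening but no role installed is worth a second look: something other than WSUS is answering on WSUS's ports, or the inventory's idea of what is installed there is wrong.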

The EDR Gap You Didn't Know You Had

While 98.72% of inventoried endpoints had EDR solutions deployed—a seemingly impressive number—that remaining 1.28% represents 1,478 devices operating without endpoint protection across 87 customer sites.

In an environment where 62% of endpoints already have known vulnerabilities, these unprotected devices aren't just gaps. They're expressways for lateral movement.

Security Vulnerability Management: From Reactive to Proactive

Here's the fundamental problem: most organizations don't discover security vulnerabilities until they're facing an incident. Traditional security tools operate downstream, alerting you after threat actors have already identified and begun exploiting weaknesses.

Effective security vulnerability management requires upstream visibility. You need to know what's running on your endpoints before attackers do. You need to identify out-of-support software, missing security patches, and critical vulnerabilities at the discovery layer—not during forensics.

That's the difference between vulnerability tooling that reacts and tooling that prevents.

Your Endpoints Are Talking. Are You Listening?

Every one of these statistics represents a preventable risk. The 26,730 Windows 10 devices that just lost security support. The 71,120 endpoints with high or critical vulnerabilities. The 1,478 devices without EDR protection. Even that one Vista machine that somehow survived a decade of IT refreshes.

They're all telling you the same story: visibility gaps become security incidents.

The organizations in our data with zero vulnerable endpoints didn't get lucky. They implemented proactive security vulnerability management that surfaces risks at the asset discovery level—before vulnerabilities become breaches.

What's Running on Your Network Right Now?

Most IT leaders can't answer that question with certainty. They're managing what they can see, while blind spots in their environment accumulate risk with every passing day.

You can't patch what you don't know about. You can't protect endpoints that aren't properly inventoried. And you can't defend against threats when your asset discovery is weeks behind reality.

Time to Move Upstream

How long would it take your organization to identify every vulnerable instance across your infrastructure? A month, a few weeks, a day? (Sometimes, a day is all you have to react. Just ask these federal agencies.)

For the 157 customer sites with vulnerable endpoints in our dataset, the answer depends on whether they're operating reactively or proactively.

The upstream approach starts with complete visibility: knowing every piece of software, every endpoint configuration, and every potential vulnerability before threat actors discover them. It means having real-time insight into your entire IT estate—software, SaaS, cloud, and entitlements—in a single pane of glass.

Because in 2025, the organizations that thrive aren't the ones with the fastest incident response. They're the ones who spot vulnerabilities before they become incidents.

---

Ready to see what you're missing? Learn how Block 64 delivers proactive security through upstream visibility across your entire IT estate—or schedule a security assessment to discover your blind spots before attackers do. Or start a free trial for unified IT visibility and control of SaaS, software, cloud and security risk.

Get your free scan and see where your IT is hiding

14 days free. 15 min set-up. No credit card required.