Phishing and spear-phishing represent the majority of malicious exploit distributions around the world today. Despite being “shouted down” by other FReepers calling me a Microsoft fanboi, which I freely admit I am, Microsoft isn’t the problem here. This is a user education issue.
If you choose to use Microsoft products, following their guidance on keeping your system protections current. Use the Windows firewall, Windows Defender, and keep UAC (User Account Control) turned on. Review your system settings under Control Panel, and search the Internet for anything you might need to know more about.
Otherwise, go buy a Mac or learn Linux. Microsoft isn’t the most exploited OS on the market because it’s unsafe. They’re the most exploited OS on the market because they have the biggest market share. Microsoft is the second largest IT security company in the world by investment. They’ve dumped over US$1B into security in the last year. Hate them if you want. They’re not going anywhere.
No, that's not correct. The attacking software probes for SNMP v1 on listening computers and exploits the bug. There is no user involvement at all.