Microsoft has improved security gradually over the years through a continuous improvement process and strategic initiatives of it’s executives.  Microsoft’s CEO recently discussed security improvements as noted below:

http://www.nytimes.com/2015/11/18/technology/microsoft-once-infested-with-security-flaws-does-an-about-face.html

REDMOND, Wash. — Microsoft was once the epitome of everything wrong with security in technology. Its products were so infested with vulnerabilities that the company’s co-founder, Bill Gates, once ordered all of Microsoft engineers to stop writing new code for a month and focus on fixing the bugs in software they had already built.

But in recent years, Microsoft has cleaned up its act, even impressing security specialists like Mikko Hypponen, the chief research officer for F-Secure, a Finnish security company, who used to cringe at Microsoft’s practices.  “They’ve changed themselves from worst in class to the best in class,” Mr. Hypponen said. “The change is complete. They started taking security very seriously.”

Microsoft’s chief executive, Satya Nadella, says he is listening. On Tuesday, he delivered a speech to government technology workers in Washington about the importance of security in the technology business and how Microsoft has evolved to confront security threats.  Mr. Nadella, in a phone interview, said his aim was to lay out how Microsoft products make it harder for hackers to compromise PCs, and how the company has eliminated the corporate divisions that separated security managers from each other to improve how threat information is shared.   “It’s kind of like going to the gym every day,” said Mr. Nadella, who himself runs about three miles a day. “You can’t say I’m serious about security without exercising the regimen of keeping security top of mind every second, every hour of the day.”