Press Release

Flexera Issues New Warning about Future Ransomware Attacks Like WannaCry: Vulnerabilities are Increasing, and Users Aren’t Patching as Diligently

New Secunia Research@Flexera Country Report reveals the number of OS vulnerabilities is increasing, while users are losing ground patching them

Itasca, IL - May 15, 2017 - As the fallout from the #WannaCry ransomware attack continues to reverberate around the world, a new report by software vulnerability and patch management expert, Flexera, has an ominous warning for companies and individuals: the threat is growing – and people are getting lazier about protecting themselves.

Secunia Research@Flexera has just published its Country Report covering the first quarter of 2017.  The report reveals an alarming trend: More vulnerabilities are being found in U.S. PC operating systems, while at the same time, users aren’t patching them as diligently.  Vulnerabilities are errors in software that can work as an entry point for hackers – like the vulnerability exploited by the WannaCry ransomware attack.  They are a root cause of security issues and can be exploited to gain access to IT systems.  According to the Flexera report:

  • The percentage of U.S. PC users with unpatched Windows operating systems was 9.8% in Q1, 2017, up from 7.5% last quarter and 6.5% in Q1, 2016.
  • The percentage of vulnerabilities originating in operating systems in the U.S. was 36% in Q1, up from 33% in Q4, 2016 and 21% in Q1, 2016.

Today’s report is stunning because the Flexera data reveals the threat of harm from these attacks is actually increasing.  But the opposite should be true.  That’s because most known vulnerabilities have patches available on the date of their disclosure.  According to Flexera’s annual Vulnerability Review published earlier this year, in 2016 17,147 vulnerabilities were recorded in 2,136 products from 246 vendors.  81 percent of vulnerabilities in all products had patches available on the day of disclosure in 2016.

Despite the availability of patches – like the Microsoft Patch that could have prevented harm from the WannaCry attack – an alarming number of companies and individuals simply did not apply them.

“Frankly, if you wait two months to apply a critical Microsoft patch, you’re doing something wrong,” said Kasper Lindgaard, Senior Director of Secunia Research at Flexera Software.  “This time, we even had a warning in April that this could very likely happen, so businesses need to wake up and start taking these types of threats and risks seriously.  There is simply no excuse.”

The Country Reports provide status on vulnerable software products on private PCs in 12 countries, listing the vulnerable applications and ranking them by the extent to which they expose those PCs to vulnerabilities.

Key Findings in the U.S. Country Report Include:

  • 9.8 percent of users had unpatched Windows operating systems in Q1, 2017.
  • On average 14.1 percent of non-Microsoft programs were unpatched in Q1, 2017.
  • The top three most exposed programs for Q1 were Apple iTunes 12.x. (56 percent unpatched, 43 percent market share, 77 vulnerabilities), Oracle Java JRE 1.8.x / 8.x (52 percent unpatched, 47 percent market share, 44 vulnerabilities), and VLC Media Player 2.x (40 percent unpatched, 27 percent market share, 6 vulnerabilities).

The 12 Country Reports are based on data from scans by Personal Software Inspector between January 1, 2017 and March 31, 2017.

- # # # -

Resources:

Download the Q1, 2017 Country Reports

Learn more about:

Follow Flexera Software…

About Flexera Software
Flexera Software helps application producers and enterprises increase application usage and security, enhancing the value they derive from their software. Our software licensing, compliance, cybersecurity and installation solutions are essential to ensure continuous licensing compliance, optimized software investments, and to future-proof businesses against the risks and costs of constantly changing technology. A marketplace leader for more than 25 years, 80,000+ customers turn to Flexera Software as a trusted and neutral source of knowledge and expertise, and for the automation and intelligence designed into our products. For more information, please go to: www.flexerasoftware.com

For more information, contact:

Flexera Software
John Lipsey
(224) 465-9139
jlipsey@flexerasoftware.com

*All third-party trademarks are the property of their respective owners.