But the news is not all good – the rate of unpatched non-Microsoft programs is on the rise
Itasca, IL - Aug 8, 2016 - There’s good news for Microsoft, and for private U.S. PC users in their battle against hackers and potential exploits. The percentage of unpatched Microsoft Windows® operating systems is on the decline as of the second quarter of 2016 – meaning those users are less exposed to exploitable software vulnerabilities via their operating systems. But, there’s bad news too. The percentage of private U.S. PC users with unpatched non-Microsoft programs is on the rise – so users still face considerable exposure to hacker exploits.
These are the conclusions that can be drawn from just-released Country Reports covering Q2 2016 for 12 countries, published by Secunia Research at Flexera Software, the leading provider of Software Vulnerability Management Solutions. The reports provide status on vulnerable software products on private PCs in 12 countries, listing the vulnerable applications and ranking them by the extent to which they expose those PCs to hackers.
Key Findings in the U.S. Country Report Include:
- 5.5 percent of private PC users had unpatched Windows operating systems in Q2 of 2016, down from 6.5 percent in Q1 of 2016 and 13.2 percent in Q2, 2015.
- 13.5 percent of private PC users had unpatched non-Microsoft programs in Q2, 2016, up from 12.7 percent in Q1 of 2016 and 11.9 percent in Q2 of 2015.
- The top three most exposed programs for Q2, 2016 were Oracle Java JRE 1.8x/8.x (49 percent unpatched, 46 percent market share, 67 vulnerabilities), VLC Media Player 2.x (60 percent unpatched, 27 percent market share, 8 vulnerabilities), and Adobe Reader XI 11.x (65 percent unpatched, 24 percent market share, 215 vulnerabilities).
Unpatched Windows Operating Systems on the Decline
Because of their ubiquitous use on private PCs, operating systems make attractive targets for hackers. Accordingly, keeping up with operating system patches is an essential Software Vulnerability Management best practice. According to the data, private U.S. PC users are getting the message. Only 5.5 percent had unpatched Windows operating systems as of Q2 2016, down from 13.2 percent this time last year. “The decline in unpatched Windows operating systems is remarkable and encouraging,” noted Kasper Lindgaard, Director of Secunia Research at Flexera Software. “It will be interesting to see if this trend continues over the long run, especially as Windows 10 and its automated updates become more widely deployed.”
Private PC Users Are Becoming Less Diligent Patching Non-Windows Programs
While the Windows operating systems of private U.S. PC users are being patched more diligently, the opposite is true for non-Microsoft programs. With the rate of unpatched non-Microsoft programs on the rise, the data suggests that users are increasingly ignoring the security patch warnings available to them. For instance, Personal Software Inspector will alert users when a vulnerability to a non-Microsoft program is found on their PCs and automatically patch the vulnerability – but the user must approve the action and launch the automated process. “If users install software but then ignore alerts and fail to initiate the patch process when a vulnerability is found, they will remain exposed to that vulnerability,” said Lindgaard. “That is very unfortunate and has the potential to result in a bad outcome.”
Most Exposed Programs
The top three most exposed programs in the United States for Q2 2016 represent 290 vulnerabilities over the last four quarters verified by Secunia Research at Flexera Software. Of those 290 vulnerabilities, 23 of them are fixed in security patches rated ‘Extremely Critical,’ and 265 were fixed in patches rated ‘Highly Critical.’ ‘Extremely Critical’ vulnerabilities are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. These vulnerabilities can exist in services like FTP, HTTP and SMTP or in certain client systems like email applications or browsers. ‘Highly Critical’ vulnerabilities are typically remotely exploitable and can lead to system compromise. Successful exploitation does not normally require any interaction but there are no known exploits available at the time of disclosure. Such vulnerabilities can exist in services like FTP, HTTP and SMTP or in client systems like email applications or browsers.
“The number of vulnerabilities just in the top three products underscores the vastness of the opportunity for hackers to gain entry into exposed systems, and the reason Software Vulnerability Management is so essential,” said Lindgaard. “The easiest, fastest and least costly way for companies and individual users to minimize risk is to patch known vulnerabilities before they become a problem.”
To help users stay secure Flexera Software offers Personal Software Inspector (formerly Secunia PSI 3.0), a free computer security scanner which identifies software applications that are insecure and in need of security updates. It has been downloaded by over 8 million PC users globally to detect vulnerable and outdated programs and plug-ins.
The 12 Country Reports are based on data from scans by Personal Software Inspector between April 1, 2016 and June 30, 2016.
- # # # -
Learn more about:
Follow Flexera Software…
About Flexera Software
Flexera Software helps application producers and enterprises increase application usage and security, enhancing the value they derive from their software. Our software licensing, compliance, cybersecurity and installation solutions are essential to ensure continuous licensing compliance, optimized software investments, and to future-proof businesses against the risks and costs of constantly changing technology. A marketplace leader for more than 25 years, 80,000+ customers turn to Flexera Software as a trusted and neutral source of knowledge and expertise, and for the automation and intelligence designed into our products. For more information, please go to: www.flexerasoftware.com
For more information, contact:
*All third-party trademarks are the property of their respective owners.