Good Security News for Private UK PC Windows Users – Rates of Unpatched Windows Operating Systems Declining According to New Secunia Research at Flexera Software Report
But the news is not all good – the rate of unpatched non-Microsoft programmes is on the rise
Maidenhead, U.K. – August 8, 2016 – There’s good news for Microsoft, and for private UK PC users in their battle against hackers and potential exploits. The percentage of unpatched Microsoft Windows® operating systems is on the decline as of the second quarter of 2016 – meaning those users are less exposed to exploitable software vulnerabilities via their operating systems. But, there’s bad news too. The percentage of private UK PC users with unpatched non-Microsoft programmes is on the rise – so users still face considerable exposure to hacker exploits.
These are the conclusions that can be drawn from just-released Country Reports covering Q2 2016 for 12 countries, published by Secunia Research at Flexera Software, the leading provider of Software Vulnerability Management Solutions. The reports provide status on vulnerable software products on private PCs in 12 countries, listing the vulnerable applications and ranking them by the extent to which they expose those PCs to hackers.
Key Findings in the UK Country Report Include:
• 5.4 percent of users had unpatched Windows operating systems in Q2 of 2016, down from 6.1 percent in Q1 of 2016 and 10.3 percent in Q2, 2015.
• 12.6 percent of users had unpatched non-Microsoft programmes in Q2, 2016, up from 11.9 percent in Q1 of 2016 and 11.3 percent in Q2 of 2015.
• The top three most exposed programmes for Q2, 2016 were VLC Media Player 2.x (55 percent unpatched, 36 percent market share and 8 vulnerabilities), Oracle Java JRE 1.8x/8.x (47 percent unpatched, 39 percent market share, 67 vulnerabilities), and Adobe Reader XI 11.x (62 percent unpatched, 20 percent market share, and 215 vulnerabilities).
Unpatched Windows Operating Systems on the Decline
Because of their ubiquitous use on private PCs, operating systems make attractive targets for hackers. Accordingly, keeping up with operating system patches is an essential Software Vulnerability Management best practice. According to the data, private UK PC users are getting the message. Only 5.4 percent had unpatched Windows operating systems as of Q2 2016, down from 10.3 percent this time last year. “The decline in unpatched Windows operating systems is remarkable and encouraging,” noted Kasper Lindgaard, Director of Secunia Research at Flexera Software. “It will be interesting to see if this trend continues over the long run, especially as Windows 10 and its automated updates become more widely deployed.”
Private PC Users Are Becoming Less Diligent Patching Non-Windows Programmes
While the Windows operating systems of private UK PC users are being patched more diligently, the opposite is true for non-Microsoft programmes. With the rate of unpatched non-Microsoft programmes on the rise, the data suggests that users are increasingly ignoring the security patch warnings available to them. For instance, Personal Software Inspector will alert users when a vulnerability to a non-Microsoft programme is found on their PCs and automatically patch the vulnerability – but the user must approve the action and launch the automated process. “If users install software but then ignore alerts and fail to initiate the patch process when a vulnerability is found, they will remain exposed to that vulnerability,” said Lindgaard. “That is very unfortunate and has the potential to result in a bad outcome.”
Most Exposed Programmes
The top three most exposed programmes in the UK for Q2 2016 represent 290 vulnerabilities over the last four quarters verified by Secunia Research at Flexera Software. Of those 290 vulnerabilities, 23 of them are fixed in security patches rated ‘Extremely Critical,’ and 265 were fixed in patches rated ‘Highly Critical.’ ‘Extremely Critical’ vulnerabilities are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. These vulnerabilities can exist in services like FTP, HTTP and SMTP or in certain client systems like email applications or browsers. ‘Highly Critical’ vulnerabilities are typically remotely exploitable and can lead to system compromise. Successful exploitation does not normally require any interaction but there are no known exploits available at the time of disclosure. Such vulnerabilities can exist in services like FTP, HTTP and SMTP or in client systems like email applications or browsers.
“The number of vulnerabilities just in the top three products underscores the vastness of the opportunity for hackers to gain entry into exposed systems, and the reason Software Vulnerability Management is so essential,” said Lindgaard. “The easiest, fastest and least costly way for companies and individual users to minimise risk is to patch known vulnerabilities before they become a problem.”
To help users stay secure Flexera Software offers Personal Software Inspector (formerly Secunia PSI 3.0), a free computer security scanner which identifies software applications that are insecure and in need of security updates. It has been downloaded by over 8 million PC users globally to detect vulnerable and outdated programmes and plug-ins.
The 12 Country Reports are based on data from scans by Personal Software Inspector between April 1, 2016 and June 30, 2016.
