Itasca, IL - Aug 8, 2016 - There’s good news for Microsoft, and for private U.S. PC users in their battle against hackers and potential exploits. The percentage of unpatched Microsoft Windows® operating systems is on the decline as of the second quarter of 2016 – meaning those users are less exposed to exploitable software vulnerabilities via their operating systems. But, there’s bad news too. The percentage of private U.S. PC users with unpatched non-Microsoft programs is on the rise – so users still face considerable exposure to hacker exploits.
These are the conclusions that can be drawn from just-released Country Reports covering Q2 2016 for 12 countries, published by Secunia Research at Flexera Software, the leading provider of Software Vulnerability Management Solutions. The reports provide status on vulnerable software products on private PCs in 12 countries, listing the vulnerable applications and ranking them by the extent to which they expose those PCs to hackers.
Key Findings in the U.S. Country Report Include:
Unpatched Windows Operating Systems on the Decline
Because of their ubiquitous use on private PCs, operating systems make attractive targets for hackers. Accordingly, keeping up with operating system patches is an essential Software Vulnerability Management best practice. According to the data, private U.S. PC users are getting the message. Only 5.5 percent had unpatched Windows operating systems as of Q2 2016, down from 13.2 percent this time last year. “The decline in unpatched Windows operating systems is remarkable and encouraging,” noted Kasper Lindgaard, Director of Secunia Research at Flexera Software. “It will be interesting to see if this trend continues over the long run, especially as Windows 10 and its automated updates become more widely deployed.”
Private PC Users Are Becoming Less Diligent Patching Non-Windows Programs
While the Windows operating systems of private U.S. PC users are being patched more diligently, the opposite is true for non-Microsoft programs. With the rate of unpatched non-Microsoft programs on the rise, the data suggests that users are increasingly ignoring the security patch warnings available to them. For instance, Personal Software Inspector will alert users when a vulnerability in a non-Microsoft program is found on their PCs and automatically patch the vulnerability – but the user must approve the action and launch the automated process. “If users install software but then ignore alerts and fail to initiate the patch process when a vulnerability is found, they will remain exposed to that vulnerability,” said Lindgaard. “That is very unfortunate and has the potential to result in a bad outcome.”
Most Exposed Programs
The top three most exposed programs in the United States for Q2 2016 account for 290 vulnerabilities verified by Secunia Research at Flexera Software over the last four quarters. Of those 290 vulnerabilities, 23 were fixed in security patches rated ‘Extremely Critical,’ and 265 were fixed in patches rated ‘Highly Critical.’ ‘Extremely Critical’ vulnerabilities are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction, and exploits are in the wild. These vulnerabilities can exist in services like FTP, HTTP and SMTP or in certain client systems like email applications or browsers. ‘Highly Critical’ vulnerabilities are typically remotely exploitable and can lead to system compromise. Successful exploitation does not normally require any interaction, but there are no known exploits available at the time of disclosure. Such vulnerabilities can exist in services like FTP, HTTP and SMTP or in client systems like email applications or browsers.
“The number of vulnerabilities just in the top three products underscores the vastness of the opportunity for hackers to gain entry into exposed systems, and the reason Software Vulnerability Management is so essential,” said Lindgaard. “The easiest, fastest and least costly way for companies and individual users to minimize risk is to patch known vulnerabilities before they become a problem.”
To help users stay secure, Flexera Software offers Personal Software Inspector (formerly Secunia PSI 3.0), a free computer security scanner that identifies software applications that are insecure and in need of security updates. It has been downloaded by over 8 million PC users globally to detect vulnerable and outdated programs and plug-ins.
The 12 Country Reports are based on data from scans by Personal Software Inspector between April 1, 2016 and June 30, 2016.
- # # # -
Flexera is reimagining the way software is bought, sold, managed and secured. We view the software industry as a supply chain, and make the business of buying and selling software and technology asset data more profitable, secure, and effective. Our Monetization and Security solutions help software sellers transform their business models, grow recurring revenues and minimize open source risk. Our Vulnerability and Software Asset Management (SAM) solutions strip waste and unpredictability out of procuring software, helping companies buy only the software and cloud services they need, manage what they have, and reduce compliance and security risk. Powering these solutions and the entire software supply chain, Flexera has built the world’s largest and most comprehensive repository of market intelligence on technology assets. In business for 30+ years, our 1200+ employees are passionate about helping our 80,000+ customers generate millions in ROI every year. Visit us at www.flexera.com.