New Secunia Research at Flexera Software Country Report: Windows Operating Systems vs. Non-Microsoft Applications – A Tale of Contrasting Vulnerability Risk

Microsoft® Windows OS vulnerabilities appear to be stabilizing after year-long decrease, while non-Microsoft application vulnerabilities still on the rise

Itasca, IL - Nov 1, 2016 - The percentage of unpatched Microsoft Windows operating systems on private PCs seems to be stabilizing after a year of steady decline. But the level of unpatched non-Microsoft applications on private PCs continues to rise.

These conclusions can be drawn from just-released Country Reports covering Q3 2016 for 12 countries, published by Secunia Research at Flexera Software, the leading provider of Software Vulnerability Management Solutions.  The reports provide status on vulnerable software products on private PCs in 12 countries, listing the vulnerable applications and ranking them by the extent to which they expose those PCs to hackers.

Key Findings in the U.S. Country Report Include:

  • 6.1 percent of users had unpatched Windows operating systems in Q3 of 2016, up from 5.5 percent in Q2 of 2016 and down from 10.7 percent in Q3 of 2015.
  • 13.8 percent of users had unpatched non-Microsoft programs in Q3 of 2016, up from 13.5 percent in Q2 of 2016 and 12.0 percent in Q3 of 2015.
  • The top three most exposed programs for Q3 were Oracle Java JRE 1.8.x / 8.x (48 percent unpatched, 47 percent market share, 57 vulnerabilities), Apple iTunes 12.x (45 percent unpatched, 43 percent market share, 50 vulnerabilities) and VLC Media Player 2.x (51 percent unpatched, 28 percent market share, 7 vulnerabilities).

Level of Unpatched Windows Operating Systems Stabilizing

Though the level of unpatched private PC Windows operating systems may tick up or down from quarter to quarter, it appears to be stabilizing at lower levels compared to this time last year.  Time will tell whether this trend continues, but Microsoft’s recent announcement moving to a roll-up model for Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2 updates may help.  Microsoft says all supported versions of Windows will now follow a similar update servicing model, bringing a more consistent and simplified servicing experience.

“We will be tracking this closely to determine whether the recent declines in unpatched Windows operating systems are a blip or indicative of a long term trend,” said Kasper Lindgaard, Director of Secunia Research at Flexera Software.  “If it is a trend, the consumer will ultimately benefit by the reduced attack surface that hackers can exploit within the Windows OS.”

The Attack Surface for Non-Microsoft Applications Continues to Grow

The security news was not all rosy for private PC users. The level of unpatched non-Microsoft programs continues its upward trend. The likely reason is the process consumers must follow to apply security patches. Microsoft is standardizing its patch process and automation across its entire application portfolio. In contrast, each non-Microsoft vendor may have its own patch process – requiring the user to be much more knowledgeable and diligent. And according to the 2016 Vulnerability Review, non-Microsoft programs represent 60 percent of the applications on a computer.

“Most users do not devote the time and attention necessary to keep up-to-date with the latest security patches across all the applications on their PCs. And for non-Microsoft applications, it takes more effort,” added Lindgaard. “This is why automated patch management systems like Corporate Software Inspector for enterprises, and Personal Software Inspector for consumers, are so important.”

The 12 Country Reports are based on data from scans by Personal Software Inspector between July 1, 2016 and September 30, 2016.

- # # # -


Download the Q3 2016 Country Reports


About Flexera

Flexera is reimagining the way software is bought, sold, managed and secured. We view the software industry as a supply chain, and make the business of buying and selling software and technology asset data more profitable, secure, and effective. Our Monetization and Security solutions help software sellers transform their business models, grow recurring revenues and minimize open source risk. Our Vulnerability and Software Asset Management (SAM) solutions strip waste and unpredictability out of procuring software, helping companies buy only the software and cloud services they need, manage what they have, and reduce compliance and security risk. The Flexera  RightScale multicloud management and cloud cost optimization solutions enable enterprises to drive top-line revenue while optimizing cloud usage to reduce risk and costs. Powering these solutions and the entire software supply chain, Flexera has built the world’s largest and most comprehensive repository of market intelligence on technology assets. In business for 30+ years, our 1300+ employees are passionate about helping our 80,000+ customers generate millions in ROI every year. Visit us at

For more information, contact:

Clement | Peterson Public Relations

*All third-party trademarks are the property of their respective owners.