Significant Rise in Reported Vulnerabilities Within Microsoft Programmes
Copenhagen, Denmark - Jan 20, 2015 - Secunia, the leading provider of IT security solutions for vulnerability management, has published its latest quarterly report documenting the state of security among private PC users in the UK throughout 2014. In a year which saw a considerable rise in reported vulnerabilities, the results show many users’ PCs are inadequately patched and therefore easily compromised.
The proportion of reported vulnerabilities originating from Microsoft programs has increased substantially on private PCs, to 47% in the last 12 months, up from 26% the previous year. However, Microsoft’s software does not appear in the list of the top five most exposed programmes.
Kasper Lindgaard, Director of Research and Security at Secunia, explains why the large number of reported and patched Microsoft vulnerabilities could have positive implications for browser security:
“From May 2014 onwards we saw a big increase in the numbers of reported and patched vulnerabilities in Internet Explorer, which is the primary factor behind the overall rise. This could be because Microsoft is becoming more focused on browser security, it could be a result of the “Internet Explorer 11 Preview Bug Bounty”, or it could just be that (both sides of) the industry have directed their focus that way in 2014.”
Other key findings in the report include:
- The average UK PC user has 74 programs installed from 26 different vendors. Users must therefore master 26 different update mechanisms to ensure all available security patches are applied
- The most exposed programs over the past 12 months include:
  - Oracle Java with 145 vulnerabilities and 42% of installed programs unpatched
  - Apple Quicktime 7 with 11 vulnerabilities and 32% of installed programs unpatched
  - VLC Media Player 2 with 2 vulnerabilities and 40% of installed programs unpatched
- Almost 6% of programs on the average UK user’s PC have reached end-of-life, meaning they do not receive security updates from the vendor
To help users stay secure, Secunia offers its Secunia PSI 3.0, a free computer security scanner which identifies software applications that are insecure and in need of security updates. It has been downloaded by over 7 million PC users globally to detect vulnerable and out-dated programs and plug-ins.
Secunia’s country reports are based on data from scans by the Secunia Personal Software Inspector between 1 January and 31 December 2014. The data reflects the state of security of Secunia PSI users, who, it is safe to assume, are more secure than other PC users.
Flexera is reimagining the way software is bought, sold, managed and secured. We view the software industry as a supply chain, and make the business of buying and selling software and technology asset data more profitable, secure, and effective. Our Monetization and Security solutions help software sellers transform their business models, grow recurring revenues and minimize open source risk. Our Vulnerability and Software Asset Management (SAM) solutions strip waste and unpredictability out of procuring software, helping companies buy only the software and cloud services they need, manage what they have, and reduce compliance and security risk. Powering these solutions and the entire software supply chain, Flexera has built the world’s largest and most comprehensive repository of market intelligence on technology assets. In business for 30+ years, our 1200+ employees are passionate about helping our 80,000+ customers generate millions in ROI every year. Visit us at www.flexera.com.
For more information, contact:
*All third-party trademarks are the property of their respective owners.