UK Users Getting Better at Patching … Microsoft
UK PC users are getting better at patching their Microsoft systems but appear to be ignoring security warnings on other software, according to the latest stats from Secunia Research.
The Flexera Software business claimed in its Q2 Country Report for the UK that just 5.4% of users had unpatched Windows operating systems in the period, down from 6.1% in the previous quarter and 10.3% a year ago.
However, 12.6% of users had unpatched non-Microsoft programs in the three-month period, up from 11.9% in Q1 2016 and 11.3% in Q2 2015.
The top three most vulnerable programs during the period were VLC Media Player 2.x (55% unpatched, 36% market share and eight bugs), Oracle Java JRE 1.8x/8.x (47% unpatched, 39%, 67 flaws) and Adobe Reader XI 11.x (62% unpatched, 20% market share, and 215 vulnerabilities).
Director of Secunia Research, Kasper Lindgaard, described the Microsoft stats as “remarkable and encouraging” but warned of the dangers of ignoring patch update warnings on third party software.
“The number of vulnerabilities just in the top three products underscores the vastness of the opportunity for hackers to gain entry into exposed systems, and the reason software vulnerability management is so essential,” said Lindgaard.
“The easiest, fastest and least costly way for companies and individual users to minimize risk is to patch known vulnerabilities before they become a problem.”
The dangers of exposed third party software are perfectly encapsulated in the continuing security woes associated with Adobe Flash.
The firm’s last Patch Tuesday update dwarfed even that of Microsoft, with two patches covering Flash Player and Reader designed to fix a whopping 82 vulnerabilities.
As a result, some major tech companies are already beginning to marginalize the software where possible.
Back in February, Google announced it would no longer be accepting Flash-based display ads on its Display Network or DoubleClick after January 2017.
Also, at the end of July, Mozilla announced it would be blocking any Flash-related content in Firefox “not essential” to the user experience.
Source: Information Security Magazine