PCs still at risk from end-of-life programs
The latest software vulnerability report from Secunia Research at Flexera Software reveals that the average US private PC user has 75 installed programs on their PC, 7.4 percent of which are no longer patched by the vendor.
More detailed analysis of the findings shows that 7.5 percent of users had unpatched Windows operating systems in the final quarter of 2016, up from 6.1 percent in Q3 of 2016 and down from 9.9 percent in Q4, 2015.
In addition, 14 percent of users had unpatched non-Microsoft programs in Q4, 2016, up from 13.8 percent in Q3 of 2016 and 12.2 percent in Q4 of 2015. The top three most exposed programs for Q4 in terms of the numbers unpatched, market share and the number of known vulnerabilities, were Apple iTunes 12.x (55 percent unpatched, 43 percent market share, 29 vulnerabilities), Oracle Java JRE 1.8.x / 8.x (50 percent unpatched, 47 percent market share, 39 vulnerabilities), and VLC Media Player 2.x (44 percent unpatched, 28 percent market share, 5 vulnerabilities).
"Software Vulnerability Management is an effective strategy for minimizing the attack surface by enabling people and organizations to identify known vulnerabilities on their devices, prioritize those risks based on the criticality of the vulnerabilities, and mitigate those risks via automated patch management systems," says Kasper Lindgaard, director of Secunia Research at Flexera Software. "But risk remains if unsupported, end-of-life programs containing vulnerabilities are running. Private PC users should continually scan their devices and remove end-of-life programs from their systems. Within a business setting, security teams should collaborate closely with their Software Asset Management teams to discover and inventory their application estate and remove any unsupported, end-of-life programs."
The report for the US, along with those for other regions around the world, is available to download from the Flexera website.