OS vulnerabilities up -- Patches down
If the WannaCrypt ransomware attack of the last few days has taught us anything, it should be the importance of patching systems to guard against attack.
Yet a study released today suggests the message isn't getting through. The latest US country report from Flexera Software reveals the percentage of US PC users with unpatched Windows operating systems was 9.8 percent in Q1, 2017, up from 7.5 percent last quarter and 6.5 percent in Q1, 2016.
The percentage of vulnerabilities originating in operating systems in the US was 36 percent in Q1, up from 33 percent in Q4, 2016 and 21 percent in Q1, 2016. A further 20 percent come from other Microsoft programs and 44 percent from other software.
The report reveals that 12.8 percent of non-Microsoft programs were unpatched in the first quarter of this year. The top five most vulnerable programs are: Apple iTunes 12.x, Oracle Java JRE 1.8.x/8.x, VLC Media Player 2.x, Adobe Reader XI 11.x, and Adobe Shockwave Player 12.x.
It also identifies a number of end-of-life programs that no longer receive updates but are still widely used. These include Adobe Flash Player 24.x, Microsoft XML Core Services (MSXML) 4.x, Microsoft SQL Server 2005 Compact Edition, and Apple QuickTime 7.x.
"The most efficient and inexpensive way to reduce the threat of falling victim to hackers is to minimize the attack surface. That means finding vulnerable applications in your environment and patching them before they can be exploited," says Kasper Lindgaard, senior director of Secunia Research at Flexera Software. "Today's report is not good news. Every PC has operating system software running it. A decrease in patch rates translates to a larger attack surface hackers can take advantage of."
You can see the full report along with those for other countries on the Flexera website.