SOURCE: Flexera Software

Flexera Software

November 01, 2016 08:00 ET

New Secunia Research at Flexera Software Country Report: Windows Operating Systems vs. Non-Windows Applications -- A Tale of Contrasting Vulnerability Risk

Microsoft® Windows OS vulnerabilities appear to be stabilizing after year-long decrease, while non-Windows application vulnerabilities still on the rise

ITASCA, IL--(Marketwired - November 01, 2016) - The percentage of unpatched Microsoft Windows operating systems on private PCs seems to be stabilizing after a year of steady decline. But the level of unpatched non-Windows applications on private PCs continues to rise.

These conclusions can be drawn from just-released Country Reports covering Q3 2016 for 12 countries, published by Secunia Research at Flexera Software, the leading provider of Software Vulnerability Management Solutions. The reports provide status on vulnerable software products on private PCs in 12 countries, listing the vulnerable applications and ranking them by the extent to which they expose those PCs to hackers.

Key Findings in the U.S. Country Report Include:

  • 6.1 percent of users had unpatched Windows operating systems in Q3 of 2016, up from 5.5 percent in Q2 of 2016 and down from 10.7 percent in Q3, 2015.
  • 13.8 percent of users had unpatched non-Microsoft programs in Q3, 2016, up from 13.5 percent in Q2 of 2016 and 12.0 percent in Q3 of 2015.
  • The top three most exposed programs for Q3 were Oracle Java JRE 1.8.x / 8.x. (48 percent unpatched, 47 percent market share, 57 vulnerabilities), Apple iTunes 12.x (45 percent unpatched, 43 percent market share, 50 vulnerabilities) and VLC Media Player 2.x (51 percent unpatched, 28 percent market share, 7 vulnerabilities).

Level of Unpatched Windows Operating Systems Stabilizing

Though the level of unpatched private PC Windows operating systems may tick up or down from quarter to quarter, it appears to be stabilizing at lower levels compared to this time last year. Time will tell whether this trend continues, but Microsoft's recent announcement moving to a roll-up model for Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2 updates may help. Microsoft says all supported versions of Windows will now follow a similar update servicing model, bringing a more consistent and simplified servicing experience.

"We will be tracking this closely to determine whether the recent declines in unpatched Windows operating systems are a blip or indicative of a long term trend," said Kasper Lindgaard, Director of Secunia Research at Flexera Software. "If it is a trend, the consumer will ultimately benefit by the reduced attack surface that hackers can exploit within the Windows OS."

The Attack Surface for Non-Microsoft Applications Continues to Grow

The security news was not all rosy for private PC users. The level of unpatched non-Microsoft programs continues its upward trend. The reasons are likely due to the process consumers must utilize to implement security patches. Microsoft is standardizing its patch process and automation across its entire application portfolio. In contrast, each non-Microsoft vendor may have its own patch process -- requiring the user to be much more knowledgeable and diligent. And according to the 2016 Vulnerability Review, non-Microsoft programs represent 60 percent of the applications on a computer.

"Most users do not devote the time and attention necessary to keep up-to-date with the latest security patches across all the applications on their PCs. And for non-Windows applications, it takes more effort," added Lindgaard. "This why automated patch management systems like Corporate Software Inspector for enterprises, and Personal Software Inspector for consumers, are so important."

The 12 Country Reports are based on data from scans by Personal Software Inspector between July 1, 2016 and September 30, 2016.

Resources:

Download the Q3 2016 Country Reports

Learn more about:

Follow us on…

About Flexera Software

Flexera Software helps application producers and enterprises increase application usage and security, enhancing the value they derive from their software. Our software licensing, compliance, cybersecurity and installation solutions are essential to ensure continuous licensing compliance, optimized software investments, and to future-proof businesses against the risks and costs of constantly changing technology. A marketplace leader for more than 25 years, 80,000+ customers turn to Flexera Software as a trusted and neutral source of knowledge and expertise, and for the automation and intelligence designed into our products. For more information, please go to: www.flexerasoftware.com.

*All third-party trademarks are the property of their respective owners.

Contact Information

  • For more information, contact:

    Flexera Software


    John Lipsey
    +1 (224) 465-9139
    Email contact