SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Australia’s vulnerabilities unmasked as survey reveals top unpatched & old programs
Tue, 28th Feb 2017
FYI, this story is more than a year old

Australians may be exposing themselves to danger every day without realising it - purely because of the programs on their computer, a new study from Secunia Research at Flexera Software has found.

The average private user has 77 programs on their PC and 7.1% of those are at the end of their life (EOL), meaning they are no longer patched by the vendor, and users have to master 27 different update mechanisms to remediate vulnerabilities.

It also means attackers can easily take advantage of security holes in those programs because they are so widespread.

“Software Vulnerability Management is an effective strategy for minimising the attack surface by enabling people and organisations to identify known vulnerabilities on their devices, prioritise those risks based on the criticality of the vulnerabilities, and mitigate those risks via automated patch management systems,” comments Kasper Lindgaard, director of Secunia Research at Flexera Software.

On top of that, 7.5% had unpatched Windows operating systems in Q4 2016, a jump from 6.1% in Q3.

13.3% are running unpatched non-Microsoft programs in Q4, a slight drop from 13.4% in Q3.

You might be wondering what those non-Microsoft programs are. The top 10 exposed programs include:

  • Apple iTunes 12.x. (56% unpatched, 46% market share, 29 vulnerabilities)
  • Oracle Java JRE 1.8.x / 8.x (45% unpatched, 43% market share, 39 vulnerabilities)
  • VLC Media Player 2.x (38% unpatched, 46% market share and 5 vulnerabilities)
  • uTorrent for Windows 3.x (64% unpatched, 16% market share and 1 vulnerability)
  • Google Picasa 3.x (51% unpatched, 19% market share and 0 vulnerabilities)
  • Adobe Reader XI 11.x (44% unpatched, 17% market share and 227 vulnerabilities)
  • Audacity 2.x (64% unpatched, 10% market share and 2 vulnerabilities)
  • Adobe Shockwave Player 12.x (36% unpatched, 17% market share and 0 vulnerabilities)
  • Microsoft Internet Explorer 11.x (6% unpatched, 89% market share and 106 vulnerabilities)
  • PuTTY 0.x (56% unpatched, 9% market share and 0 vulnerabilities)

Meanwhile, the top ten EOL programs include:

  • Adobe Flash Player 23.x - (81% market share)
  • Microsoft XML Core Services (MSXML) - (58% market share)
  • Microsoft SQL Server 2005 Compact Edition - (50% market share)
  • Google Chrome 54.x - (47% market share)
  • Apple Quicktime 7.x - (38% market share)
  • Mozilla Firefox 49.x - (28% market share)
  • Google Chrome 53.x - (23% market share)
  • Oracle Java JRE 1.7 / 7.x - (19% market share)
  • 7-zip 9.5 - (15% market share)
  • Oracle Java JRE 1.6 / 6.x - (13% market share)

“Risk remains if unsupported, end-of-life programs containing vulnerabilities are running.  Private PC users should continually scan their devices and remove end-of-life programs from their systems.  Within a business setting, security teams should collaborate closely with their Software Asset Management teams to discover and inventory their application estate and remove any unsupported, end-of life programs,” Lindgaard concludes.

The Australia Country Report was based on data scans by Personal Software Inspector between October 1, 2016 and December 31, 2016.