
Australia’s vulnerabilities unmasked as survey reveals top unpatched & old programs

28 Feb 2017

Australians may be exposing themselves to danger every day without realising it - purely because of the programs on their computer, a new study from Secunia Research at Flexera Software has found.

The average private user has 77 programs on their PC, and 7.1% of those have reached end of life (EOL), meaning the vendor no longer patches them; to remediate vulnerabilities, users also have to master 27 different update mechanisms.

Because those programs are installed so widely, attackers can readily exploit the known security holes in them.

“Software Vulnerability Management is an effective strategy for minimising the attack surface by enabling people and organisations to identify known vulnerabilities on their devices, prioritise those risks based on the criticality of the vulnerabilities, and mitigate those risks via automated patch management systems,” comments Kasper Lindgaard, director of Secunia Research at Flexera Software.

On top of that, 7.5% had unpatched Windows operating systems in Q4 2016, a jump from 6.1% in Q3.

13.3% are running unpatched non-Microsoft programs in Q4, a slight drop from 13.4% in Q3.

You might be wondering what those non-Microsoft programs are. The top 10 exposed programs include:

  • Apple iTunes 12.x (56% unpatched, 46% market share, 29 vulnerabilities)
  • Oracle Java JRE 1.8.x / 8.x (45% unpatched, 43% market share, 39 vulnerabilities)
  • VLC Media Player 2.x (38% unpatched, 46% market share, 5 vulnerabilities)
  • uTorrent for Windows 3.x (64% unpatched, 16% market share, 1 vulnerability)
  • Google Picasa 3.x (51% unpatched, 19% market share, 0 vulnerabilities)
  • Adobe Reader XI 11.x (44% unpatched, 17% market share, 227 vulnerabilities)
  • Audacity 2.x (64% unpatched, 10% market share, 2 vulnerabilities)
  • Adobe Shockwave Player 12.x (36% unpatched, 17% market share, 0 vulnerabilities)
  • Microsoft Internet Explorer 11.x (6% unpatched, 89% market share, 106 vulnerabilities)
  • PuTTY 0.x (56% unpatched, 9% market share, 0 vulnerabilities)

Meanwhile, the top ten EOL programs include:

  • Adobe Flash Player 23.x (81% market share)
  • Microsoft XML Core Services (MSXML) (58% market share)
  • Microsoft SQL Server 2005 Compact Edition (50% market share)
  • Google Chrome 54.x (47% market share)
  • Apple QuickTime 7.x (38% market share)
  • Mozilla Firefox 49.x (28% market share)
  • Google Chrome 53.x (23% market share)
  • Oracle Java JRE 1.7 / 7.x (19% market share)
  • 7-Zip 9.5 (15% market share)
  • Oracle Java JRE 1.6 / 6.x (13% market share)

“Risk remains if unsupported, end-of-life programs containing vulnerabilities are running. Private PC users should continually scan their devices and remove end-of-life programs from their systems. Within a business setting, security teams should collaborate closely with their Software Asset Management teams to discover and inventory their application estate and remove any unsupported, end-of-life programs,” Lindgaard concludes.
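As an added illustration of the workflow Lindgaard describes in both quotes (identify known vulnerabilities, prioritise by criticality, patch what can be patched and remove what is end-of-life), here is a small Python triage script. It is not Secunia's or Flexera's code and has nothing to do with Personal Software Inspector. The catalogue rows reuse the version branches and vulnerability counts quoted in the lists above; the "patched" build numbers, the one-PC inventory and the `classify`/`triage`/`summarise` helpers are constructed for the example.

```python
"""Added example (not from the Flexera/Secunia report): triage an installed-software
inventory against a catalogue of end-of-life and patchable programs.  Version branches
and vulnerability counts come from the article; patched builds and the inventory are made up."""
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Installed:
    name: str
    version: str


@dataclass(frozen=True)
class CatalogueEntry:
    name: str
    branches: str            # version branch(es) as the report writes them, e.g. "1.7 / 7.x"
    vulns: int               # known vulnerabilities in the branch (0 = not given in the article)
    patched: Optional[str]   # lowest fully patched build (constructed); None = end-of-life


@dataclass(frozen=True)
class Finding:
    name: str
    version: str
    status: str              # "EOL", "UNPATCHED", "OK" or "UNKNOWN"
    vulns: int


def version_tuple(version: str) -> tuple:
    """'11.0.10' -> (11, 0, 10); a non-numeric component compares as 0."""
    parts = []
    for part in version.split("."):
        digits = "".join(ch for ch in part if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def branch_matches(branches: str, version: str) -> bool:
    """True if the version lies in any listed branch: '1.7 / 7.x' matches '7.0.80'."""
    installed = version_tuple(version)
    for alt in branches.split("/"):
        fixed = [p for p in alt.strip().split(".") if p != "x"]   # drop wildcard components
        wanted = version_tuple(".".join(fixed))
        if installed[: len(wanted)] == wanted:
            return True
    return False


def classify(program: Installed, catalogue) -> Finding:
    """Match one installed program against the catalogue by (case-insensitive) name and branch."""
    for entry in catalogue:
        if entry.name.casefold() != program.name.casefold():
            continue
        if not branch_matches(entry.branches, program.version):
            continue
        if entry.patched is None:                      # vendor no longer ships fixes
            return Finding(program.name, program.version, "EOL", entry.vulns)
        if version_tuple(program.version) < version_tuple(entry.patched):
            return Finding(program.name, program.version, "UNPATCHED", entry.vulns)
        return Finding(program.name, program.version, "OK", 0)
    return Finding(program.name, program.version, "UNKNOWN", 0)


RANK = {"EOL": 0, "UNPATCHED": 1, "OK": 2, "UNKNOWN": 3}


def triage(inventory, catalogue):
    """EOL programs first (only removal helps), then unpatched ones by vulnerability count."""
    findings = [classify(p, catalogue) for p in inventory]
    return sorted(findings, key=lambda f: (RANK[f.status], -f.vulns))


def summarise(findings):
    """Count findings per status, e.g. {'EOL': 2, 'UNPATCHED': 2, ...}."""
    return dict(Counter(f.status for f in findings))


# Branches and counts as quoted in the article; the 'patched' builds are constructed.
CATALOGUE = [
    CatalogueEntry("Adobe Reader XI", "11.x", 227, "11.0.23"),
    CatalogueEntry("Oracle Java JRE", "1.8.x / 8.x", 39, "8.0.121"),
    CatalogueEntry("VLC Media Player", "2.x", 5, "2.2.4"),
    CatalogueEntry("Oracle Java JRE", "1.7 / 7.x", 0, None),
    CatalogueEntry("Adobe Flash Player", "23.x", 0, None),
    CatalogueEntry("Google Chrome", "54.x", 0, None),
]

# Constructed inventory of one PC (not real scan data).
INVENTORY = [
    Installed("Adobe Reader XI", "11.0.10"),
    Installed("Oracle Java JRE", "8.0.101"),
    Installed("Oracle Java JRE", "7.0.80"),
    Installed("Adobe Flash Player", "23.0.0.1"),
    Installed("Google Chrome", "55.0.1.2"),
    Installed("VLC media player", "2.2.4"),
    Installed("Notepad++", "7.3"),
]

if __name__ == "__main__":
    rows = triage(INVENTORY, CATALOGUE)
    for f in rows:
        print(f"{f.status:<9} {f.name} {f.version} ({f.vulns} known vulnerabilities)")
    print(summarise(rows))
```

Two design points are worth noting. Matching by branch rather than exact version is what lets one catalogue row ("Oracle Java JRE 1.7 / 7.x") cover every build of an end-of-life line, and it is why the same program name can appear twice in the catalogue with different outcomes. The ranking deliberately puts EOL findings above everything else regardless of vulnerability count, because no update mechanism will fix them; a program whose branch is not in the catalogue at all comes out as UNKNOWN rather than OK, so a stale catalogue cannot silently pass a new release. A real inventory pulled from a Windows uninstall registry key would need extra name normalisation before this matching would work.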

The Australia Country Report was based on data scans by Personal Software Inspector between October 1, 2016 and December 31, 2016.
