Australia’s vulnerabilities unmasked as survey reveals top unpatched & old programs

28 Feb 17

Australians may be exposing themselves to danger every day without realising it - purely because of the programs on their computer, a new study from Secunia Research at Flexera Software has found.

The average private user has 77 programs on their PC, and 7.1% of those are end-of-life (EOL), meaning the vendor no longer patches them. Users also have to master 27 different update mechanisms to remediate vulnerabilities.

It also means attackers can easily take advantage of security holes in those programs because they are so widespread.

“Software Vulnerability Management is an effective strategy for minimising the attack surface by enabling people and organisations to identify known vulnerabilities on their devices, prioritise those risks based on the criticality of the vulnerabilities, and mitigate those risks via automated patch management systems,” comments Kasper Lindgaard, director of Secunia Research at Flexera Software.  

On top of that, 7.5% had unpatched Windows operating systems in Q4 2016, a jump from 6.1% in Q3.

13.3% are running unpatched non-Microsoft programs in Q4, a slight drop from 13.4% in Q3.

You might be wondering what those non-Microsoft programs are. The top 10 exposed programs include:

  • Apple iTunes 12.x (56% unpatched, 46% market share and 29 vulnerabilities)
  • Oracle Java JRE 1.8.x / 8.x (45% unpatched, 43% market share and 39 vulnerabilities)
  • VLC Media Player 2.x (38% unpatched, 46% market share and 5 vulnerabilities)
  • uTorrent for Windows 3.x (64% unpatched, 16% market share and 1 vulnerability)
  • Google Picasa 3.x (51% unpatched, 19% market share and 0 vulnerabilities)
  • Adobe Reader XI 11.x (44% unpatched, 17% market share and 227 vulnerabilities)
  • Audacity 2.x (64% unpatched, 10% market share and 2 vulnerabilities)
  • Adobe Shockwave Player 12.x (36% unpatched, 17% market share and 0 vulnerabilities)
  • Microsoft Internet Explorer 11.x (6% unpatched, 89% market share and 106 vulnerabilities)
  • PuTTY 0.x (56% unpatched, 9% market share and 0 vulnerabilities)

Meanwhile, the top ten EOL programs include:

  • Adobe Flash Player 23.x (81% market share)
  • Microsoft XML Core Services (MSXML) (58% market share)
  • Microsoft SQL Server 2005 Compact Edition (50% market share)
  • Google Chrome 54.x (47% market share)
  • Apple QuickTime 7.x (38% market share)
  • Mozilla Firefox 49.x (28% market share)
  • Google Chrome 53.x (23% market share)
  • Oracle Java JRE 1.7 / 7.x (19% market share)
  • 7-Zip 9.5 (15% market share)
  • Oracle Java JRE 1.6 / 6.x (13% market share)

“Risk remains if unsupported, end-of-life programs containing vulnerabilities are running. Private PC users should continually scan their devices and remove end-of-life programs from their systems. Within a business setting, security teams should collaborate closely with their Software Asset Management teams to discover and inventory their application estate and remove any unsupported, end-of-life programs,” Lindgaard concludes.

The Australia Country Report was based on data scans by Personal Software Inspector between October 1, 2016 and December 31, 2016.
