Flexera identifies top PC vulnerabilities for Aussie users

28 Apr 2016

Australian PC users are making some progress in patching software vulnerabilities but significant challenges remain, according to Flexera Software’s latest report.

The company’s Secunia Research team investigated vulnerable software products on private PCs, listing the vulnerable applications and ranking them by the extent to which they expose those PCs to hackers.

For Australia, the key findings are that unpatched Microsoft Windows operating systems are on the decline, that Apple QuickTime users are slower to patch, and that there has been a slight increase in instances of unpatched Oracle Java software.

Microsoft Windows operating systems: Flexera finds the percentage of private PCs with unpatched operating systems (Windows 7, Windows 8, Windows 10, Windows Vista) in Australia is on the decline. As of the end of Q1 2016, 5.9% of users had unpatched Windows operating systems, compared to 13.8% at the same time last year.

Apple QuickTime: 63% of Australian private users have not patched their Apple QuickTime 7.x software. This number is up from 55% in Q4 2015.

Oracle Java: 40% of Australian private users were running unpatched versions of Oracle Java JRE 1.8x/8.x. This is a slight increase from 36% in Q4 2015.

Across the board, Flexera found that users are applying patches more diligently and unpatched Java programs are on the rise.

Users applying operating system patches more diligently

The decrease in unpatched Microsoft Windows operating systems is encouraging given the large number of Windows operating system vulnerabilities recorded in 2015, as reported in Flexera Software’s recently published Vulnerability Review 2016. 

“Criminals use vulnerabilities as attack vectors to illegally gain entry into systems,” says Kasper Lindgaard, director of Secunia Research at Flexera Software. 

“Companies and individuals can substantially reduce the likelihood of a successful attack by diligently applying vulnerability patches as soon as they become available. Based on the data reflected in today’s Country Report, it would appear that private users are, indeed, becoming more diligent at patching their Windows operating systems,” he says.

Unpatched Java programs on the rise

The statistics regarding Java, on the other hand, are less encouraging, Flexera says. At 40% unpatched and 44% market share, Oracle Java JRE 1.8x/8.x was the product with the fourth highest risk exposure in Q1 2016, up from 36% unpatched in Q4 2015.

Oracle did issue a critical Java patch release on March 23, 2016. In addition, Secunia Research at Flexera Software issued a Security Advisory on the Java vulnerability on March 10, with a Criticality Rating of Highly Critical – so the percentage of unpatched Java programs may decline in the future.

“A Criticality Rating of ‘Highly Critical’ is typically reserved for remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction but there are no known exploits available at the time of disclosure,” added Lindgaard.

“Despite our warnings and the availability of a patch, a significant percentage of private Java users remain vulnerable,” he says.
