IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
Yes, Australians do patch Windows - but not their software, report finds
Thu, 11th Aug 2016
FYI, this story is more than a year old

Flexera Software has found good news and bad news for both Australian Windows users and cybersecurity. New research from Secunia Research shows that the percentage of unpatched Windows operating systems dropped in the second quarter of 2016, but the percentage of unpatched non-Microsoft software is on the rise.

Secunia's research, titled Australia Country Reports, shows that 4.4% of Australian users were running unpatched Windows operating systems, down from 5.1% in Q1 2016 and 12.4% in Q2 2015, suggesting that users are realising the importance of protecting their PCs from hackers.

“The decline in unpatched Windows operating systems is remarkable and encouraging. It will be interesting to see if this trend continues over the long run, especially as Windows 10 and its automated updates become more widely deployed, says Kasper Lindgaard, director of Secunia Research at Flexera Software.

In sharp contrast, 12.9% of users were running unpatched non-Microsoft programs, up from 12.4% in Q1 2016 and 11.6% in Q2 2015, suggesting that users are ignoring security patch warnings, particularly as users must manually approve and launch the automated process.

The most common unpatched programs include

  • VLC Media Player 2.x (56 percent unpatched, 45 percent market share, 8 vulnerabilities)
  • Oracle Java JRE 1.8.x/8x (46 percent unpatched, 45 percent market share, 67 vulnerabilities
  • Apple iTunes 12.x (30 percent unpatched, 48 percent market share, 130 vulnerabilities).

“If users install software but then ignore alerts and fail to initiate the patch process when a vulnerability is found, they will remain exposed to that vulnerability. That is very unfortunate and has the potential to result in a bad outcome," Lindgaard explains.

These top three most exposed programs represent 205 vulnerabilities, 23 were fixed using 'extremely critical' patches and 180 fixed using 'highly critical' patches. These critical patches protect systems from compromise. Unpatched systems can potentially be accessed and exploited by hackers.

Flexera Software says that exploitation attacks can come from anywhere, including FTP, HTTP, SMTP, email applications and browsers.

“The number of vulnerabilities just in the top three products underscores the vastness of the opportunity for hackers to gain entry into exposed systems, and the reason Software Vulnerability Management is so essential. The easiest, fastest and least costly way for companies and individual users to minimise risk is to patch known vulnerabilities before they become a problem," Lindgaard concludes.

The report was based on data from Flexera's Personal Software Inspector between April 1, 2016 and June 30, 2016.