
Yes, Australians do patch Windows - but not their software, report finds

11 Aug 2016

Flexera Software has found good news and bad news for both Australian Windows users and cybersecurity. New research from Secunia Research shows that the percentage of unpatched Windows operating systems dropped in the second quarter of 2016, but the percentage of unpatched non-Microsoft software is on the rise.

Secunia's research, titled Australia Country Reports, shows that 4.4% of Australian users were running unpatched Windows operating systems, down from 5.1% in Q1 2016 and 12.4% in Q2 2015, suggesting that users are realising the importance of protecting their PCs from hackers.

“The decline in unpatched Windows operating systems is remarkable and encouraging. It will be interesting to see if this trend continues over the long run, especially as Windows 10 and its automated updates become more widely deployed," says Kasper Lindgaard, director of Secunia Research at Flexera Software.

In sharp contrast, 12.9% of users were running unpatched non-Microsoft programs, up from 12.4% in Q1 2016 and 11.6% in Q2 2015, suggesting that users are ignoring security patch warnings, particularly as users must manually approve and launch the automated process.

The most common unpatched programs include:

  • VLC Media Player 2.x (56 percent unpatched, 45 percent market share, 8 vulnerabilities)
  • Oracle Java JRE 1.8.x/8x (46 percent unpatched, 45 percent market share, 67 vulnerabilities)
  • Apple iTunes 12.x (30 percent unpatched, 48 percent market share, 130 vulnerabilities)

“If users install software but then ignore alerts and fail to initiate the patch process when a vulnerability is found, they will remain exposed to that vulnerability. That is very unfortunate and has the potential to result in a bad outcome," Lindgaard explains.

These top three most exposed programs represent 205 vulnerabilities: 23 were fixed using 'extremely critical' patches and 180 were fixed using 'highly critical' patches. These critical patches protect systems from compromise. Unpatched systems can potentially be accessed and exploited by hackers.

Flexera Software says that exploitation attacks can come from anywhere, including FTP, HTTP, SMTP, email applications and browsers.

“The number of vulnerabilities just in the top three products underscores the vastness of the opportunity for hackers to gain entry into exposed systems, and the reason Software Vulnerability Management is so essential. The easiest, fastest and least costly way for companies and individual users to minimise risk is to patch known vulnerabilities before they become a problem," Lindgaard concludes.

The report was based on data from Flexera's Personal Software Inspector between April 1, 2016 and June 30, 2016.
