Unpatched end-of-life programmes with vulnerabilities are attack vectors hackers can exploit Secunia reports.
The average private user in the UK has 72 programmes installed on their PC, and 6.7 percent of them are End-of-Life programmes that are no longer patched by the vendor. End-of-life programmes containing unpatched software vulnerabilities are popular attack vectors for hackers to exploit because they are so widespread on devices today.
These conclusions can be drawn from just-released Country Reports covering Q4 2016 for 12 countries, published by Secunia Research at Flexera Software, the leading provider of Software Vulnerability Management Solutions. The reports provide status on vulnerable software products on private PCs in 12 countries, listing the vulnerable applications and ranking them by the extent to which they expose those PCs to hackers.
“Software Vulnerability Management is an effective strategy for minimising the attack surface by enabling people and organisations to identify known vulnerabilities on their devices, prioritise those risks based on the criticality of the vulnerabilities, and mitigate those risks via automated patch management systems,” said Kasper Lindgaard, Director of Secunia Research at Flexera Software. “But risk remains if unsupported, end-of-life programmes containing vulnerabilities are running. Private PC users should continually scan their devices and remove end-of-life programmes from their systems. Within a business setting, security teams should collaborate closely with their Software Asset Management teams to discover and inventory their application estate and remove any unsupported, end-of life programmes.”
Other Key Findings in the Country Report Include:
7.2 percent of users had unpatched Windows operating systems in Q4 of 2016, up from 6.4 percent in Q3 of 2016 and down from 8.0 percent in Q4, 2015.
12.5 percent of users had unpatched non-Microsoft programmes in Q4, 2016, down from 12.8 percent in Q3 of 2016 and up from 11.4 percent in Q4 of 2015.
The top three most exposed programmes for Q4 2016 were Apple iTunes 12.x (53 percent unpatched, 39 percent market share, 29 vulnerabilities), Oracle Java JRE 1.8.x / 8.x (45 percent unpatched, 41 percent market share, 39 vulnerabilities), and VLC Media Player 2.x (36 percent unpatched, 37 percent market share, 5 vulnerabilities)