Flexera Software, the leading provider of next-generation software licensing, compliance, security and installation solutions for application producers and enterprises, today released a Vulnerability Update covering the Top 20 products with the most vulnerabilities inMay, June and July 2016. According to the report, the total number of recorded vulnerabilities across these top 20 products was 2,686.
The Vulnerability Update is a recurring report based on data from Flexera Software’s Vulnerability Database. It provides a Top 20 per month of products with the most vulnerabilities recorded over a three month period, along with brief comments from Secunia Research at Flexera Software.
High Rate of Vulnerabilities Underscores Patching Need – Especially in Operating Systems
The Vulnerability Update reveals that Microsoft was the vendor with the most vulnerabilities across the top 20 products from May through July, with a total of 518 vulnerabilities. The four Microsoft products landing in the “top 20,” all operating system products, were Windows 10, Windows Server 2012, Windows 8 and Windows RT.
“The bad news is that the overall rate of vulnerabilities remains high, and specifically with respect to operating systems – underscoring the need for users to be diligent about patching their operating systems,” noted Kasper Lindgaard, Director of Secunia Research at Flexera Software. “The good news is, that is exactly what is happening. In our recently released Country Reports, the number of private PC users with unpatched Windows operating systems declined to 6.3 percent, down from 12.5 percent the previous year.”
Attack Vectors Abound in Niche Software – Just Look at Healthcare
Much of the discussion around security often focuses on high-profile vendors whose products are widely familiar. But according to today’s report, the product with the highest number of vulnerabilities between May through July was Philips Xper Connect (272 vulnerabilities), a hospital information system. This underscores the need to extend Software Vulnerability Management diligence across all software assets found on corporate or personal systems – not just those that are well known or most widely used.
“The healthcare industry, for instance, is a prime target for hackers looking to harvest Protected Health Information and Personally Identifiable Information for trading in the underground markets,” commented Lindgaard. “Healthcare providers, therefore, must be aware of the software vulnerabilities that may exist in their own environments, understand the criticality of those vulnerabilities and take swift and appropriate actions to patch them before exploitation occurs.”