
New Secunia Research at Flexera Software Country Report: Windows Operating Systems vs. Non-Windows Applications – A Tale of Contrasting Vulnerability Risk

November 2016 by Secunia

The percentage of unpatched Microsoft Windows operating systems on private PCs
seems to be stabilising after a year of steady decline. But the level of unpatched
non-Windows applications on private PCs continues to rise.

These conclusions can be drawn from just-released Country Reports covering Q3 2016
for 12 countries, published by Secunia Research at Flexera Software, the leading
provider of Software Vulnerability Management Solutions. The reports provide status
on vulnerable software products on private PCs in 12 countries, listing the
vulnerable applications and ranking them by the extent to which they expose those
PCs to hackers.

Key Findings in the U.K. Country Report Include:

· 6.4 percent of users had unpatched Windows operating systems in Q3 of
2016, up from 5.4 percent in Q2 of 2016 and down from 7.9 percent in Q3, 2015.
· 12.8 percent of users had unpatched non-Microsoft programmes in Q3, 2016,
up from 12.6 percent in Q2 of 2016 and 11.3 percent in Q3 of 2015.
· The top three most exposed programmes for Q3, 2016 were Oracle Java JRE
1.8.x / 8.x (45 percent unpatched, 41 percent market share, 57 vulnerabilities),
Apple iTunes 12.x (44 percent unpatched, 39 percent market share, 50
vulnerabilities), and VLC Media Player 2.x (45 percent unpatched, 36 percent market
share, 7 vulnerabilities).

Level of Unpatched Windows Operating Systems Stabilizing

Though the level of unpatched private PC Windows operating systems may tick up or
down from quarter to quarter, it appears to be stabilising at lower levels compared
to this time last year. Time will tell whether this trend continues, but
Microsoft’s recent announcement moving to a roll-up model for Windows 7 SP1,
Windows 8.1, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2
updates may help. Microsoft says all supported versions of Windows will now follow a
similar update servicing model, bringing a more consistent and simplified servicing
experience.

“We will be tracking this closely to determine whether the recent declines in
unpatched Windows operating systems are a blip or indicative of a long term
trend,” said Kasper Lindgaard, Director of Secunia Research at Flexera Software.
“If it is a trend, the consumer will ultimately benefit by the reduced attack
surface that hackers can exploit within the Windows OS.”

The Attack Surface for Non-Microsoft Applications Continues to Grow

The security news was not all rosy for private PC users. The level of unpatched
non-Microsoft programmes continues its upward trend. The likely reason is the
process consumers must follow to apply security patches. Microsoft is
standardising its patch process and automation across its entire application
portfolio. In contrast, each non-Microsoft vendor may have its own patch process,
requiring the user to be much more knowledgeable and diligent. And according to the
2016 Vulnerability Review, non-Microsoft programs represent 60 percent of the
applications on a computer.

“Most users do not devote the time and attention necessary to keep up-to-date with
the latest security patches across all the applications on their PCs. And for
non-Windows applications, it takes more effort,” added Lindgaard. “This is why
automated patch management systems like Corporate Software Inspector for
enterprises, and Personal Software Inspector for consumers, are so important.”

The 12 Country Reports are based on data from scans by Personal Software Inspector
between July 1, 2016 and September 30, 2016.

