Actu
New Vulnerability Update: Bundling With Adobe Flash® Exposes Windows® and Microsoft® Had More Vulnerable Products
December 2015 by Flexera
Flexera Software, the provider of
next-generation software licensing, compliance, security and installation solutions
for application producers and enterprises, today released a Vulnerability Update
covering the Top 20 products with the most vulnerabilities in August, September and
October 2015. The total number of recorded vulnerabilities in the three Top 20’s
was 2,450, and with 12 product entries, Microsoft products outnumber IBM’s eight
product entries.
The Vulnerability Update is a recurring report based on data from Flexera
Software’s Vulnerability Database. The report provides a Top 20 per month of
products with the most vulnerabilities recorded over a three month period, along
with brief comments from Secunia Research at Flexera Software.
In this edition, Secunia Research provides commentary on QNAP® NAS, a network
attached storage device, used for data storage by private users and small
businesses, and on vulnerabilities in security tools like AlienVault Unified
Security Management™ (USM). And the report puts Microsoft as the vendor with the
most vulnerable products over the three month period – a position held by IBM in
previous Vulnerability Updates.
“The reason so many Microsoft products are in the Top 20 lists this time is that
both Microsoft Internet Explorer and Microsoft Edge come bundled with Adobe Flash,
adding the 35 Flash vulnerabilities listed in August to Windows 8 and upwards. This
means that for Windows systems from 8 and later, the 35 vulnerabilities in Adobe
Flash Player are added to the Microsoft vulnerabilities, resulting in these products
climbing higher than they otherwise would,” explained Kasper Lindgaard, Director
of Secunia Research at Flexera Software.
New lesson: Start patching your fridge!
The report also touches on one of the new challenges facing the IT industry: the
Internet of Things (IoT), which is bringing more internet-connected devices into
businesses and the homes of consumers. IoT impacts both the ‘old’ IT guard -
application producers, and the security community - and newcomers, like
manufacturers creating Internet-connected intelligent devices, who must start
integrating software security into their product strategy.
“With the IoT trend comes the necessity to educate businesses and consumers and
get them to treat their connected devices – from telecommunications equipment and
medical devices to toasters, thermostats and cars - like their PC’s, full of
updateable software that can be vulnerable to hackers,” said Lindgaard, “We need
to get businesses and consumers to start applying security updates to their devices,
just as they should be doing to the software on their PCs and mobiles. The problem
is, that even though we have been trying to get the “apply security updates”
message across for more than 10 years, consumers still are not sufficiently aware
that they need to do so.”
You can download the Vulnerability Update here:
https://secunia.com/resources/reports/vulnerability-update/?utm_source=MarketWire&utm_medium=PR&utm_campaign=VulnUpdate5
