PC Users Still Failing to Patch Non-Microsoft Apps

UK PC users are still struggling to patch non-Windows applications, exposing themselves to unnecessary risk, according to Secunia Research.

The Flexera Software company’s latest round of country-level reports for Q3 2016 revealed that 12.8% of UK PC users had unpatched non-Microsoft programs in the quarter, up from 12.6% in the previous quarter and 11.3% a year ago.

That means a growing attack surface for hackers to exploit, and could be a result of third party apps all requiring various different patching routines and systems, according to director of Secunia Research, Kasper Lindgaard.

“Most users do not devote the time and attention necessary to keep up-to-date with the latest security patches across all the applications on their PCs. And for non-Windows applications, it takes more effort,” he argued.

As for Microsoft software, some 6.4% of UK users had unpatched Windows operating systems in Q3 2016. While this is up slightly from the 5.4% in Q2 2016, it’s down fairly significantly from the 7.9% a year ago.

This stabilisation at fairly low levels could be helped going forward by Microsoft’s decision in October to move all supported versions of Windows to a similar update servicing model – bringing a more consistent and simplified experience.

"We will be tracking this closely to determine whether the recent declines in unpatched Windows operating systems are a blip or indicative of a long term trend,” said Lindgaard, in a prepared statement. “If it is a trend, the consumer will ultimately benefit by the reduced attack surface that hackers can exploit within the Windows OS.”

Oracle Java JRE 1.8.x / 8.x. was the most exposed program in Q3, with 45% of users not patching despite its 57 vulnerabilities. It was followed by Apple iTunes 12.x (44% unpatched, 50 flaws) and VLC Media Player 2.x (45%, 7 bugs).

Elsewhere in the country reports, Secunia found that slightly fewer users (6.1%) with unpatched Windows versions in the US, but more (13.8%) unpatched non-Microsoft programs.

“When compared to all countries covered in this report, the UK is doing slightly better in terms of patching vulnerabilities,” Lindgaard told Infosecurity.

“For instance, 7% of personal computer users globally had unpatched Microsoft operating systems, whereas in the UK only 6.4% had unpatched operating systems. And globally, 13.5% personal computer users had unpatched non-Microsoft programs, whereas in the UK the figure was only 12.8%.

What’s Hot on Infosecurity Magazine?