Around 7% of programs on the average UK user’s PC are unsupported and unpatched, leaving them exposed to exploits, according to the latest data from Flexera Software.
The firm’s Secunia Research division released its latest country reports for the fourth quarter of 2016 and it wasn’t good news for the UK.
Of the average 72 programs from 25 vendors installed on PCs, 6.7% are so-called “end-of-life” versions for which vendor patches are no longer available, and 7.2% of users have unpatched operating systems.
Hackers are likely to target such systems with exploits, knowing that users find security maintenance like patch management hard work and often allow gaps to appear, Flexera said.
The issue is compounded by the fact that the average PC is running a hotchpotch of software from different vendors, with different update mechanisms.
Some 42% are Microsoft programs and therefore can be managed together, but 58% are from third party vendors. That means users have on average 25 different update mechanisms to manage, the security firm said.
Partly as a result, 12.5% of UK PC users had unpatched non-Microsoft programs in Q4 2016, up from 11.4% the year previously.
“Software vulnerability management is an effective strategy for minimizing the attack surface by enabling people and organizations to identify known vulnerabilities on their devices, prioritize those risks based on the criticality of the vulnerabilities, and mitigate those risks via automated patch management systems,” said Secunia Research director, Kasper Lindgaard.
“But risk remains if unsupported, end-of-life programs containing vulnerabilities are running. Private PC users should continually scan their devices and remove end-of-life programs from their systems. Within a business setting, security teams should collaborate closely with their Software Asset Management teams to discover and inventory their application estate and remove any unsupported, end-of life programs.”
Microsoft users are currently exposed to an unpatched bug after the computing giant cancelled its Patch Tuesday update round this month and Google researchers went ahead and disclosed the flaw anyway.