A vulnerable software program that isn’t patched compromises the security of the PC. This is because it leaves the PC vulnerable to being exploited by hackers. Vulnerabilities are discovered in software programs on a regular basis, and most vendors release a patch to be applied in the form of a security update. If these updates are not performed, the PC is vulnerable to attack and hackers can use the vulnerability as an entry point into the corporate computing environment.
The WannaCry attacks and its consequences highlight how neglecting security patches can have a catastrophic impact on businesses. We believe that one of the main reasons for the success of this attack is the gap in processes to remediate known software vulnerabilities.
Keeping up with Security Patching is Hard Work
Cybercriminals know that most private users consider regular security maintenance of their PC hard work. As a result, a lot of users have PCs that are inadequately patched and therefore easily compromised. On a typical PC in the USA, users have to master 26 different update mechanisms to patch the 75 programs on it, in order to remediate those vulnerabilities.
The Flexera Country Reports are based on data collected from the millions of users of Flexera´s Personal Software Inspector. The data includes the average numbers of installed programs – patched and unpatched – on private PCs and tells you how much vulnerable software is present on private PCs in your country, plus a few extra, interesting facts
In the United States in Q1 2017…
9.8% of users had unpatched Windows operating systems
14% of non-Microsoft programs were unpatched
The top ten most exposed programs are shown in the chart below:
To learn more about this research visit the complete country reports for each of the countries listed below:
At Flexera, the Secunia Research Team is deeply committed to discovering new vulnerabilities, focusing on popular, widely used enterprise and end-user software used by the community. When discovered, these vulnerabilities are always reported to the vendors with whom we work to get the vulnerabilities fixed according to our responsible disclosure policy.