As the fallout from the #WannaCry ransomware attack continues to reverberate around the world, a new report by software vulnerability and patch management expert, Flexera, has an ominous warning for companies and individuals: the threat is growing – and people are getting lazier about protecting themselves.
Secunia Research@Flexera has just published its Country Report covering the first quarter of 2017. The report reveals an alarming trend: More vulnerabilities are being found in U.S. PC operating systems, while at the same time, users aren’t patching them as diligently. Vulnerabilities are errors in software that can work as an entry point for hackers – like the vulnerability exploited by the WannaCry ransomware attack. They are a root cause of security issues and can be exploited to gain access to IT systems. According to the Flexera report:
• The percentage of U.S. PC users with unpatched Windows operating systems was 9.8% in Q1, 2017, up from 7.5% last quarter and 6.5% in Q1, 2016.
• The percentage of vulnerabilities originating in operating systems in the U.S. was 36% in Q1, up from 33% in Q4, 2016 and 21% in Q1, 2016.
Today’s report is stunning because the Flexera data reveals the threat of harm from these attacks is actually increasing. But the opposite should be true. That’s because most known vulnerabilities have patches available on the date of their disclosure. According to Flexera’s annual Vulnerability Review published earlier this year, in 2016 17,147 vulnerabilities were recorded in 2,136 products from 246 vendors. 81 percent of vulnerabilities in all products had patches available on the day of disclosure in 2016.
Despite the availability of patches – like the Microsoft Patch that could have prevented harm from the WannaCry attack – an alarming number of companies and individuals simply did not apply them.
“Frankly, if you wait two months to apply a critical Microsoft patch, you’re doing something wrong,” said Kasper Lindgaard, Senior Director of Secunia Research at Flexera Software. “This time, we even had a warning in April that this could very likely happen, so businesses need to wake up and start taking these types of threats and risks seriously. There is simply no excuse.”
The Country Reports provide status on vulnerable software products on private PCs in 12 countries, listing the vulnerable applications and ranking them by the extent to which they expose those PCs to vulnerabilities.
Key Findings in the U.S. Country Report Include:
• 9.8 percent of users had unpatched Windows operating systems in Q1, 2017.
• On average 14.1 percent of non-Microsoft programs were unpatched in Q1, 2017.
• The top three most exposed programs for Q1 were Apple iTunes 12.x. (56 percent unpatched, 43 percent market share, 77 vulnerabilities), Oracle Java JRE 1.8.x / 8.x (52 percent unpatched, 47 percent market share, 44 vulnerabilities), and VLC Media Player 2.x (40 percent unpatched, 27 percent market share, 6 vulnerabilities).
The 12 Country Reports are based on data from scans by Personal Software Inspector between January 1, 2017 and March 31, 2017.