6.7% of UK programmes on private PCs are end-of-life and unpatched
6.7% of UK programmes on private PCs are end-of-life and unpatched

The average private user in the UK has 72 programmes on their PC, and 6.7 percent of them are end-of-life programmes that are no longer patched by the vendor, therefore they are insecure.

New Country Reports published by Secunia Research at Flexera Software provided status on vulnerable software products on private PCs in 12 countries during Q4 2016. The vulnerable applications were listed and ranked by the extent to which they expose those PCs to hackers.

In the UK, 7.2 percent of users had unpatched Windows operating systems during Q4 2016. Unpatched non-Microsoft programmes accounted for 12.5 percent.

The top five most exposed programmes for Q4 2016 were Apple iTunes 12.x (53 percent unpatched, 29 vulnerabilities); Oracle Java JRE 1.8.x/8.x (45 percent unpatched, 39 vulnerabilities); VLC Media Player 2.x (36 percent unpatched, five vulnerabilities); Adobe Reader XI 11.x (47 percent unpatched, 227 vulnerabilities) and Google Picasa 3.x (42 percent unpatched, zero vulnerabilities).

Since they are so widespread on devices today, the end-of-life programmes that contain unpatched software vulnerabilities are popular attack vectors for hackers to exploit.

The top five end-of-life programmes are Adobe Flash Player 23.x, Microsoft XML Core Servuces MSXML 4.x, Microsoft SQL Server 20015 Compact Edition, Google Chrome 54.x and Apple QuickTime 7.x.

“Software Vulnerability Management is an effective strategy for minimising the attack surface by enabling people and organisations to identify known vulnerabilities on their devices, prioritise those risks based on the criticality of the vulnerabilities, and mitigate those risks via automated patch management systems. But risk remains if unsupported, end-of-life programmes containing vulnerabilities are running. Private PC users should continually scan their devices and remove end-of-life programmes from their systems. Within a business setting, security teams should collaborate closely with their Software Asset Management teams to discover and inventory their application estate and remove any unsupported, end-of-life programmes,” said Kasper Lindgaard, director of Secunia Research at Flexera Software.