Vulnerabilities are increasing

New Secunia Research@Flexera Country Report reveals the number of OS vulnerabilities is increasing, while users are losing ground patching them.

Tuesday, 16th May 2017 Posted 7 years ago in by Phil Alsop

As the fallout from the #WannaCry ransomware attack continues to reverberate around the world, a new report by software vulnerability and patch management expert, Flexera, has an ominous warning for companies and individuals: the threat is growing – and people are getting lazier about protecting themselves.

Secunia Research@Flexera has just published its Country Report covering the first quarter of 2017. The report reveals an alarming trend: More vulnerabilities are being found in UK PC operating systems, while at the same time, users aren’t patching them as diligently. Vulnerabilities are errors in software that can work as an entry point for hackers – like the vulnerability exploited by the WannaCry ransomware attack. They are a root cause of security issues and can be exploited to gain access to IT systems. According to the Flexera report:

The percentage of UK PC users with unpatched Windows operating systems was 9.0% in Q1, 2017, up from 7.2% last quarter and 6.1% in Q1, 2016.
The percentage of vulnerabilities originating in operating systems in the UK was 38% in Q1, up from 35% in Q4, 2016 and 22% in Q1, 2016.

Today’s report is stunning because the Flexera data reveals the threat of harm from these attacks is actually increasing. But the opposite should be true. That’s because most known vulnerabilities have patches available on the date of their disclosure. According to Flexera’s annual Vulnerability Review published earlier this year, in 2016 17,147 vulnerabilities were recorded in 2,136 products from 246 vendors. 81 percent of vulnerabilities in all products had patches available on the day of disclosure in 2016.

Despite the availability of patches – like the Microsoft Patch that could have prevented harm from the WannaCry attack – an alarming number of companies and individuals simply did not apply them.

“Frankly, if you wait two months to apply a critical Microsoft patch, you’re doing something wrong,” said Kasper Lindgaard, Senior Director of Secunia Research at Flexera Software. “This time, we even had a warning in April that this could very likely happen, so businesses need to wake up and start taking these types of threats and risks seriously. There is simply no excuse.”

The Country Reports provide status on vulnerable software products on private PCs in 12 countries, listing the vulnerable applications and ranking them by the extent to which they expose those PCs to vulnerabilities.