Secunia, the leading provider of IT security solutions for vulnerability management, has published its latest Secunia PSI Country Report, documenting the state of security among private PC users in the UK. The results show End-of-Life and unpatched security programs continue to leave systems vulnerable to exploits.
On the positive side, the number of users with an unpatched Microsoft Operating System has decreased from 12.4% to 9.7% during Q2. This number of operating systems does not include Microsoft’s Windows XP, which went End-of-Life at the beginning of the quarter. However, 69% of UK PC users were found to have an End-of-Life version of Adobe Flash Player 13 installed, with the majority of private users having not yet updated to version 14.
"Version 13 which has unpatched vulnerabilities in it, is no longer supported by the vendor Adobe, and no longer receives any security updates" explains Kasper Lindgaard, Director of Research and Security at Secunia. "By removing the program or updating to the latest version, users can instantly make their PCs a great deal more secure."
The report also reveals that Microsoft XML Core Services 4 (MSXML) continues to be the most exposed program, having been so for over 19 months since December 2012. In the UK, 74% of PC users who use the Secunia PSI had Microsoft XML Core Services installed in Q2 2014. 40% of these users had not patched the program, even though a patch is available, meaning an estimated 30% of UK PCs are made vulnerable by MSXML 4.
Kasper Lindgaard, Director of Research and Security at Secunia said: "The reason MSXML is topping the list is because of the way updates for the software are being handled: Normally, patches for Microsoft products are offered through Windows Update, but in the case of MSXML, patches are only offered for MSXML Service Pack 3. Since older MSXML Service Packs are considered End-of-Life, users are not being offered patches as they normally would."
The situation can be remedied by installing the latest Service Pack for the software. To be made aware when new Service programs and updates become available it is advised that consumers download the Secunia PSI 3.0, a free computer security scanner which identifies software applications that are insecure and in need of security updates. Businesses can also subscribe to the Secunia CSI.
"Private users still have a long way to go when it comes to vulnerability awareness, which means understanding that it is important to apply security patches to vulnerable software programs to protect their PCs, and the data on them from hackers", concluded Kasper Lindgaard.
Secunia’s country reports (secunia.com) are based on data from scans of thousands of PCs by the Secunia Personal Software Inspector between 1 April and 31 June 2014. It is safe to assume that Secunia PSI users are more secure than other PC users, therefore these figures can be considered conservative estimates.