sb-as logo
Story image

The stats are in: Japanese PC users at risk of attack through old and unpatched software

28 Feb 2017

Japanese PC users have work to do when it comes to patching their software and using newer, up-to-date programs, a new study from Secunia Research at Flexera Software has found.

The average private user has 63 programs on their PC from 21 different vendors and 7% of those are at the end of their life (EOL), meaning they are no longer patched by the vendor. Users have to master 21 different update mechanisms to remediate vulnerabilities. 

It also means attackers can easily take advantage of security holes in those programs because they are so widespread.

“Software Vulnerability Management is an effective strategy for minimising the attack surface by enabling people and organisations to identify known vulnerabilities on their devices, prioritise those risks based on the criticality of the vulnerabilities, and mitigate those risks via automated patch management systems,” comments Kasper Lindgaard, director of Secunia Research at Flexera Software.  

6.5% had unpatched Windows operating systems in Q4 2016. In addition, 12.8% are running unpatched non-Microsoft programs.

The top 10 exposed non-Microsoft programs are:

  • Apple iTunes 12.x. (57% unpatched, 42% market share, 29 vulnerabilities)
  • Oracle Java JRE 1.8.x / 8.x (53% unpatched, 43% market share, 39 vulnerabilities)
  • Lhaplus 1.x (63% unpatched, 26% market share, 0 vulnerabilities)
  • Adobe Reader XI 11.x (33% unpatched, 28% market share and 227 vulnerabilities)
  • VLC Media Player 2.x (38% unpatched, 19% market share and 5 vulnerabilities)
  • Adobe Acrobat Reader DC 15.x (13% unpatched, 43% market share and 227 vulnerabilities)
  • Microsoft Internet Explorer 11.x (5% unpatched, 91% market share and 106 vulnerabilities)
  • Line 4.x (44% unpatched, 11% market share and 1 vulnerability)
  • Oracle Java JDK 1.8.x / 8.x (67% unpatched, 7% market share and 39 vulnerabilities)
  • Google Picasa 3.x (62% unpatched, 7% market share and 0 vulnerabilities)

The top ten EOL programs in Japan are:

  • Adobe Flash Player 23.x - (80% market share)
  • Microsoft SQL Server 2005 Compact Edition (52% market share)
  • Microsoft XML Core Services (MSXML) 4.x - (52% market share)
  • Google Chrome 54.x - (43% market share)
  • Apple QuickTime 7.x (29% market share)
  • Google Chrome 53.x (21% market share)
  • Mozilla Firefox 49.x (18% market share)
  • Oracle Java JRE 1.7 / 7.x - (15% market share)
  • 7-zip 9.x (15% market share)
  • Oracle Java JRE 1.6 / 6.x - (13% market share)

“Risk remains if unsupported, end-of-life programs containing vulnerabilities are running. Private PC users should continually scan their devices and remove end-of-life programs from their systems.  Within a business setting, security teams should collaborate closely with their Software Asset Management teams to discover and inventory their application estate and remove any unsupported, end-of life programs,” Lindgaard concludes. 

The Japan Country Report was based on data scans by Personal Software Inspector on December 1, 2016.

Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Story image
5G network security a US$9 billion dollar opportunity - report
The cloud-native nature of 5G networks will have a disruptive and positive impact on the cybersecurity industry in the next few years, with 5G network security presenting a US$9 billion enterprise market opportunity by 2025.More
Story image
rhipe acquires emt Distribution, with aim to expand into enterprise market
The acquisition will enable rhipe to deliver a comprehensive portfolio of end-to-end security capabilities to its partners, the company says.More
Story image
Cohesity appoints its very first CISO
In the newly created role, new appointee Brian Spanswick will focus on advancing and optimising IT and security for Cohesity and its customers, the company says.More
Story image
ThreatQuotient hits $22.5m in new financing, continues growth streak
“Since we first invested in ThreatQuotient in 2017, their team has continued to prove to the market that there is a critical need for cybersecurity solutions aimed at security operations."More
Story image
Remote work continues, and endpoint security cited as a must
Nearly half of workers will stay remote after the pandemic ends, and two out of three IT professionals are concerned with endpoint misuse, according to Prey Software's new study.More