SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
The stats are in: Japanese PC users at risk of attack through old and unpatched software
Tue, 28th Feb 2017
FYI, this story is more than a year old

Japanese PC users have work to do when it comes to patching their software and using newer, up-to-date programs, a new study from Secunia Research at Flexera Software has found.

The average private user has 63 programs on their PC from 21 different vendors and 7% of those are at the end of their life (EOL), meaning they are no longer patched by the vendor. Users have to master 21 different update mechanisms to remediate vulnerabilities.

It also means attackers can easily take advantage of security holes in those programs because they are so widespread.

“Software Vulnerability Management is an effective strategy for minimising the attack surface by enabling people and organisations to identify known vulnerabilities on their devices, prioritise those risks based on the criticality of the vulnerabilities, and mitigate those risks via automated patch management systems,” comments Kasper Lindgaard, director of Secunia Research at Flexera Software.

6.5% had unpatched Windows operating systems in Q4 2016. In addition, 12.8% are running unpatched non-Microsoft programs.

The top 10 exposed non-Microsoft programs are:

  • Apple iTunes 12.x. (57% unpatched, 42% market share, 29 vulnerabilities)
  • Oracle Java JRE 1.8.x / 8.x (53% unpatched, 43% market share, 39 vulnerabilities)
  • Lhaplus 1.x (63% unpatched, 26% market share, 0 vulnerabilities)
  • Adobe Reader XI 11.x (33% unpatched, 28% market share and 227 vulnerabilities)
  • VLC Media Player 2.x (38% unpatched, 19% market share and 5 vulnerabilities)
  • Adobe Acrobat Reader DC 15.x (13% unpatched, 43% market share and 227 vulnerabilities)
  • Microsoft Internet Explorer 11.x (5% unpatched, 91% market share and 106 vulnerabilities)
  • Line 4.x (44% unpatched, 11% market share and 1 vulnerability)
  • Oracle Java JDK 1.8.x / 8.x (67% unpatched, 7% market share and 39 vulnerabilities)
  • Google Picasa 3.x (62% unpatched, 7% market share and 0 vulnerabilities)

The top ten EOL programs in Japan are:

  • Adobe Flash Player 23.x - (80% market share)
  • Microsoft SQL Server 2005 Compact Edition (52% market share)
  • Microsoft XML Core Services (MSXML) 4.x - (52% market share)
  • Google Chrome 54.x - (43% market share)
  • Apple QuickTime 7.x (29% market share)
  • Google Chrome 53.x (21% market share)
  • Mozilla Firefox 49.x (18% market share)
  • Oracle Java JRE 1.7 / 7.x - (15% market share)
  • 7-zip 9.x (15% market share)
  • Oracle Java JRE 1.6 / 6.x - (13% market share)

“Risk remains if unsupported, end-of-life programs containing vulnerabilities are running. Private PC users should continually scan their devices and remove end-of-life programs from their systems.  Within a business setting, security teams should collaborate closely with their Software Asset Management teams to discover and inventory their application estate and remove any unsupported, end-of life programs,” Lindgaard concludes.

The Japan Country Report was based on data scans by Personal Software Inspector on December 1, 2016.