Surprisingly, around a quarter of Windows users have outdated Internet Explorer (according to Duo Security research figures). These figures also indicate that half of users running Windows XP on devices are using either IE 8 or 7. Having out-of-date (and so probably unsupported) browser offers serious vulnerabilities. Chrome users are top for updating.
Duo figures show 40% of XP devices are running with IE 8, and 10% of users with IE 7. 25% of ALL Windows devices have the outdated IE 10 or earlier versions. It cannot be underestimated what a gift this is for malware operators. Google’s Chrome browser takes the top spot with 82% of users being current, compared with: 58% of Edge and IE 11 users; 66% of Firefox browsers and 49% for Safari. These figures may reflect Google’s automatic roll-out method for newer versions of Chrome without asking for user permission. Chrome also blocks Flash ads which can be an entry point for malware.
Seven hundred potential vulnerabilities have been found in unpatched Windows operating systems (some of these are are also in IE 11 and Edge). If this is bad news for the outdated private user at risk of ID theft or ransomware, just think about the potential malware breaches and data-loss these vulnerabilities pose to a company. As XP has expired and is no longer supported, this presents grave prospects if non-current devices are used to connect to a commercial network. As IE10 and prior have also had end-of-life support stopped, these are also a risk.
When Windows is compared with other OS, Mac users are shown to be more current than Windows. This could be due to the fact that Apple updates are more stable, whereas Windows’ are notorious for causing major operating problems in the past. OS X updates are also more heavily promoted, and this could be part of the reason. Of Mac users, 53% are running fully-patched, latest OS X systems (or the previous, still supported version) compared with 35% of all Windows users running v10 and 8.1. This said, 8% of Apple users are running 10.8 or earlier – now unsupported and vulnerable.
It is not only an OS issue: flawed Flash and Java are traditionally prime targets for hackers using exploit kits to infiltrate systems. Duo’s figures also show that 60% and 70% respectively of users with these apps are out of date. Again, think of the commercial risk, especially as larges numbers of staff use personal devices to access company applications – this could easily lead to malware infiltrating a network. At the time of writing, more emergency patches have been issued by both of the above developers – though if users do not apply these.
Duo said in conclusion to their findings, “The changing security landscape and rapid adoption of cloud apps necessitates an increased emphasis on security hygiene basics“.