Companies failing to fix common vulnerabilities, says Kaspersky

Data from Kaspersky Security Network shows users lag in updating to newer versions of software

By Mark Sutton. Published March 24, 2013

End users are failing to update software in a timely fashion, leaving them open to known vulnerabilities, according to research by Kaspersky Lab.

The security company examined data from its cloud-based Kaspersky Security Network, which detected 132 million vulnerabilities spread over 11 million Windows PCs, an average of 12 vulnerabilities per user.

Despite the large number of vulnerabilities, only eight were widely used in popular exploit kits used by hackers, namely five Java vulnerabilities, two Adobe Flash Player vulnerabilities, and one in Adobe Reader.

Kaspersky found that even when fixes are available for such vulnerabilities, users are often slow to implement them. Within six weeks of the release of a new version of Java in September-October 2012, only 28.2% of users had installed the new, safer version. An obsolete, and exploitable, 2010 version of Adobe Flash Player was discovered on 10.2% of computers, while a vulnerability in Adobe Reader which was discovered in December 2011 remained unpatched on 13.5% of PCs in the sample.

Vyacheslav Zakorzhevsky, Vulnerability Research Expert at Kaspersky Lab, commented: "What this research reveals is that releasing a fix for a security loophole shortly after discovery is not enough to make users and businesses secure. Inefficient update mechanisms have left millions of users of Java, Adobe Flash and Adobe Reader at risk. This, along with the whole series of critical vulnerabilities found in Java in 2012 and early 2013, highlights the need for the most up-to-date protection methods. Companies should take this problem very seriously, as security flaws in popular software have become the principal gateways for a successful targeted attack."

The security vendor suggests that companies use up-to-date anti-malware to stay protected, along with solutions to detect exploit behaviour and solutions such as Kaspersky Systems Management, which is able to scan endpoints for vulnerabilities in the OS and third-party software applications and conduct a follow-up analysis using Kaspersky Lab's own unique vulnerabilities database, the Secunia database and Microsoft Windows Update data services. Data about any vulnerability detected is then sent to the systems administrator, who can remotely set up the installation of necessary updates on vulnerable systems.
