Hackers' paradise: Outdated Internet Explorer, Flash installs in enterprises

Two in five Flash users DO update. Surprised?

By John Leyden

Posted in Security, 10th May 2016 15:24 GMT

A quarter of all Windows devices are running outdated and unsupported versions of Internet Explorer, exposing users to more than 700 known vulnerabilities in the process.

A study by mobile two-factor authentication firm Duo Security released today further reports that three in five (60 per cent) Flash users are running an out-of-date version, while 72 per cent have an outdated version of Java – exposing them to hundreds of vulnerabilities.

The stats are based on an analysis of a dataset of more than 2 million devices used by Duo Security’s customers (ranging from small startups to Fortune 500 enterprises) around the world. This issue of poorly patched Windows boxes is important because it leaves workers exposed to drive-by download attacks, a favourite hacker tactic readily put together using tools such as the Angler Exploit Kit and others. These attacks are routinely used to sling all sorts of nasties, including ransomware.

Mac users are more up to date than Windows users when it comes to operating systems. Google’s Chrome browser is the most up-to-date browser in Duo’s sample.

Last month Duo released an industry-specific breakdown of the same study that found that the healthcare industry is a long way behind the financial sector in basic security practices. ®
