Hackers' paradise: Outdated Internet Explorer, Flash installs in enterprises

Two in five Flash users DO update. Surprised?

By John Leyden


A quarter of all Windows devices are running outdated and unsupported versions of Internet Explorer, exposing users to more than 700 known vulnerabilities in process.

A study by mobile two-factor authentication firm Duo Security released today further reports that three in five (60 per cent) Flash users are running an out-of-date version, while 72 per cent have an outdated version of Java – exposing them to hundreds of vulnerabilities.

The stats are based on an analysis of a dataset of more than 2 million devices used by Duo Security’s customers (ranging from small startups to Fortune 500 enterprises) around the world. This issue of poorly patched Windows boxes is important because it leaves workers exposed to drive-by download attacks, a favourite hacker tactic readily put together using tools such as the Angler Exploit Kit and others. These attacks are routinely used to sling all sorts of nasties, including ransomware.

Mac users are more up to date than Windows users when it comes to operating systems. Google’s Chrome browser is the most up-to-date browser in Duo’s sample.

Last month Duo released an industry-specific breakdown of the same study that found that the healthcare industry is a long way behind the financial sector in basic security practices. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

South Korea reckons mystery hackers cracked open advanced weapons servers

No idea who could have been behind this one...

Haven't updated your Adobe PDF software lately? Here's 85 new reasons to do it now

Acrobat, Reader get patched up against dozens of new holes

Hope you're over that New Year's hangover – there's an Adobe PDF app patch to install

Pair of critical flaws cleaned up in Acrobat, Reader

Adobe forks out $4.75bn for Marketo in massive marketing mashup move

Deal puts pressure on competitors

Larry's steely grip on Oracle led to 'conflicts of interest' in NetSuite buy-out, court told

Big Red's lawyers say $9.3bn deal was 'playbook' acquisition

Adobe: Two critical Flash security bugs fixed for the price of one

Emergency patch lands, shuts pair of remote exploitable holes, one used by Norks

Exploit kit development has gone to sh$t... ever since Adobe Flash was kicked to the curb

Coinkidink? Nah. Crooks are switching tactics

How many ways can a PDF mess up your PC? 47 in this Adobe update alone

Tons of critical fixes for Reader, Acrobat and Photoshop

Did you hear? There's a critical security hole that lets web pages hijack computers. Of course it's Adobe Flash's fault

The internet's screen door strikes again – so get patching

Apple puts bullet through 'Do Not Track', FaceTime snooping bug and iOS vulnerabilities

Patch your iThings – there are at least two holes being exploited right now in the wild