Hackers' paradise: Outdated Internet Explorer, Flash installs in enterprises

Two in five Flash users DO update. Surprised?

By John Leyden


A quarter of all Windows devices are running outdated and unsupported versions of Internet Explorer, exposing users to more than 700 known vulnerabilities in process.

A study by mobile two-factor authentication firm Duo Security released today further reports that three in five (60 per cent) Flash users are running an out-of-date version, while 72 per cent have an outdated version of Java – exposing them to hundreds of vulnerabilities.

The stats are based on an analysis of a dataset of more than 2 million devices used by Duo Security’s customers (ranging from small startups to Fortune 500 enterprises) around the world. This issue of poorly patched Windows boxes is important because it leaves workers exposed to drive-by download attacks, a favourite hacker tactic readily put together using tools such as the Angler Exploit Kit and others. These attacks are routinely used to sling all sorts of nasties, including ransomware.

Mac users are more up to date than Windows users when it comes to operating systems. Google’s Chrome browser is the most up-to-date browser in Duo’s sample.

Last month Duo released an industry-specific breakdown of the same study that found that the healthcare industry is a long way behind the financial sector in basic security practices. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Russia's national vulnerability database is a bit like the Soviet Union – sparse and slow

By design, though, not... er, general rubbishness

Larry's steely grip on Oracle led to 'conflicts of interest' in NetSuite buy-out, court told

Big Red's lawyers say $9.3bn deal was 'playbook' acquisition

North Korea's finest spent 2017 distributing RATs, wipers, and phish

And sent them mostly to South Korea, naturally

Yubico snatched my login token vulnerability to claim a $5k Google bug bounty, says bloke

USB gizmo biz apologies amid infosec drama

Git security vulnerability could lead to an attack of the (repo) clones

Best git patching y'all

Google's PHP API client has XSS vulnerability

Patch promised

DoJ okays Netsuite slurp

US Treasury goes after IT shops for funneling cash to North Korea

Meanwhile, Norks deny Sony hacker ever existed

SoftNAS no longer a soft touch for hackers (for now)... Remote-hijacking vulnerability patched

Your files are someone else's files, too, thanks to storage bug

Oracle point-of-sale system vulnerabilities get Big Red cross

Patched, Oracle? Speedily