The latest review from Flexera Software shows that non-Microsoft products are the most likely to cause vulnerabilities, although there is a clear trend in year-on-year increases for all vulnerabilities.
There has been a sizeable increase in software vulnerabilities on PCs running Windows operating systems, according to a new report. However, most of those problems are caused by third-party products and not by those created by Microsoft.
That’s according to the new Vulnerability Review from Flexera Software, which shows that in 2015 there were 16,081 vulnerabilities from 263 vendors and 2,484 products.
2014 saw 15,698 vulnerabilities over 3,907 products from 514 vendors, with Secunia Research at Flexera Software explaining the difference as follows:
“The substantial 36 percent drop in number of products and 49 percent drop in vendors primarily reflects an adjustment in focus from Secunia Research to only monitor the systems and applications in use in the environments of customers of Flexera Software’s Software Vulnerability Management product line. This change is caused by a continuous rise in the number of vulnerabilities reported in recent years, and we are currently seeing other research houses choosing similar strategies; CVE Mitre, for example.”
The rise in vulnerabilities is cause for concern, but most of the vulnerabilities (45.6%) were deemed “less critical” and 25.5% were only moderately critical. However, 13.3% of all vulnerabilities were highly critical, while 0.8% were extremely critical. Remote networks are unsurprisingly the biggest vector for vulnerabilities (57%), followed by local networks (35%) and an individual machine (8%).
Vulnerabilities have been increasing year on year since 2010, a year in which just 9,764 were found, meaning that in just five years the number has increased by nearly 80%.
The Flexera Personal Software Inspector shows that across the 50 most popular private PC applications, vulnerabilities are more frequent in non-Microsoft products. Indeed, the figures show that just 21% of the products are made by Redmond, while 79% are from other vendors.
Considering that Microsoft products account for 67% of the top 50 applications, this shows that the company’s offerings are relatively secure.
Zero-day vulnerabilities (where the hack is made before a patch is issued) stayed static year-on-year at 25, while 84% of all recorded vulnerabilities were fixed with patches on the day of disclosure last year.
The full report can be downloaded at Flexera’s website.