Story image

Automated Microsoft updates not enough to protect businesses - report

06 Jul 2018

Flexera has released a report revealing desktop apps that pose the biggest risks, so IT can create a plan to prevent attacks.

The Vulnerability Review 2018: Top Desktop Apps report was released as part of the annual report series from Secunia Research at Flexera.  

This new edition focuses on heavily used desktop applications, which can be easily breached through the Internet. 

It also serves as a guide for security patching, helping pinpoint what’s most important and requires immediate action.

“Companies are in desperate need to improve patching so they can reduce risk.  Ultimately that means creating a smart process,” says Flexera research and security senior director Kasper Lindgaard. 

“To do that you have to cut through the noise. Not all software updates are security related, and not all security updates are equally critical. 

“Having patching processes, supported by best-in-class technologies, gives you the visibility and intelligence you need to prioritise and act decisively.”

Most desktop app vulnerabilities pose extreme risk

The report reveals that security professionals need to pay close attention to desktop applications because most vulnerabilities found in these types of apps can be extremely dangerous. 

Whenever new vulnerabilities are reported, Secunia Research issues Advisories assessing their criticality, attack vector and solution status. 

They also create signatures and tested patches for easy configuration and deployment.  

This intelligence by Secunia Research allows desktop admins to quickly identify and prioritise critical security patches. 

Without such information, operation teams struggle to keep up with the large number of patches.

In 2017, 83% of the Secunia Advisories covering the top desktop applications were rated “Extremely” or “Highly” critical (compared to only 17% when you look at Secunia Advisories across all software applications ranked). 

Moreover, desktop applications are extremely vulnerable to attack via the Internet, making them attractive targets. 

94% of advisories relating to desktop apps could be exploited through the Internet, without any interaction with the user, or the need for them to take any action. 

Microsoft’s automated updates aren’t enough

The report also cautions users who incorrectly believe that Microsoft’s automated updates will shield them from vulnerability risk. 

In fact, the majority of desktop app vulnerabilities occur in non-Microsoft applications. 

65% of the vulnerabilities reported in the 50 most common desktop applications were found in non-Microsoft apps. 

The report offers compelling evidence that to significantly reduce corporate risk, security teams must patch non-Microsoft and Microsoft applications.

“Organisations can improve security patching in just three steps,” adds Lindgaard. 

“First, arm desktop admins with security Key Performance Indicators to keep security patching a high priority.  Second, create an inventory of desktop apps to make installing a patch easier.  Finally, put prioritisation and sourcing patches on a schedule, so patches are consistently monitored and applied quickly.”

When armed with vulnerability intelligence, IT professionals can get ahead of security risks with patches for almost all vulnerabilities affecting the most common desktop applications.  

How big data can revolutionise NZ’s hospitals
Miya Precision is being used across 17 wards and the emergency department at Palmerston North Hospital.
Time's up, tax dodgers: Multinational tech firms may soon pay their dues
Multinational tech and digital services firms may no longer have a free tax pass to operate in New Zealand. 
Spark’s new IoT network reaches 98% of New Zealand
Spark is the first company to confirm the nationwide completion of a Cat-M1 network in New Zealand.
WhatsApp users warned to change voicemail PINs
Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes.
Robots to the fore – Key insights for New Zealand Business into RPA in 2019
From making artificial intelligence a business reality to closer ties to human colleagues, robotic process automation is gearing up for a strong 2019.
50 million tonnes of e-waste: IT faces sustainability challenges
“Through This is IT, we want to help people better understand the problem of today’s linear “take, make, dispose” thinking around IT products and its effects like e-waste, pollution and climate change."
Vocus & Vodafone unbundle NZ's fibre network
“Unbundling fibre will provide retail service providers with a flexible future-proofed platform regardless of what tomorrow brings."
IDC: A/NZ second highest APAC IoT spenders per capita
New IDC forecast expects the Internet of Things spending in Asia/Pacific excluding Japan to reach US$381.8 Billion by 2022.