Millions of Windows Computers Never Patched
Security company Qualys Inc. recently conducted a study according to which over 80m Windows computers, in the range of 5%-20% of all PCs, never get patched against security flaws, including those that Microsoft revealed via its monthly cycle of security fixes.
Following an analysis of certain security bulletins that Microsoft issued during 2008, Qualys found that for every vulnerability, a high percentage of the computers the company scanned remained unpatched, although in some instances over a year had passed since Microsoft released the updates.
Among these updates is MS08-007, a lone patch within the February 2008 security bulletin for Windows' WebDAV MiniRedirector. Attackers exploiting its associated flaw could remotely execute malicious software on the affected system. Another patch, MS08-015, was issued in the March 2008 bulletin and is associated with a loophole in Microsoft's Outlook. This loophole could be abused by getting a user to access a malware-ridden website.
Moreover, the MS08-021 update, consisting of two patches, was issued in April 2008 to address the Windows Graphics Device Interface (GDI), a core component of the operating system that receives frequent fixes. This update was issued to address a flaw that could allow remote execution of malicious code. Reportedly, even as late as 2009, MS08-021 remained unapplied on 20% of all computers that Qualys examined.
Further, Qualys said, the proportion of systems that were not patched with the MS08-015 update sometimes went down to around 5%.
Wolfgang Kandek, chief technology officer of Qualys, said that the company found it hard to tell why the systems were not patched. ComputerWorld published this on April 23, 2009. Kandek added that the system owners either didn't bother or lacked the required resources for patching. The CTO was presenting his findings to the delegates at the RSA Security Conference in San Francisco.
Meanwhile, security experts said that since some computer owners never patch their systems, those systems always remain exposed to threats, even from aging malware. In the particular instance of the Conficker worm, many users who have not applied the patch against it continue to be at risk.
Therefore, the experts advise that whenever vendors release security patches, users should proactively apply them.
» SPAMfighter News - 30-04-2009