SANS ISC: Secunia's PSI Country Report - Q3 2013

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

On the heels of discussing Microsoft's Security Intelligence Report v15 wherein the obvious takeaway is "Windows XP be gone!", Secunia's just-released PSI Country Report - Q3 2013 is an interesting supplemental read. Here are the summary details:

• Programs Installed: 75, from 25 different vendors
• 40% (30 of 75) of these programs are Microsoft programs
• 60% (45 of 75) of these programs are from third-party vendors
• Users with unpatched Operating Systems: 14.6% (WinXP, Win7, Win8, Windows Vista)
• Unpatched third-party programs on avg. PC: 10.7%
• Unpatched MS programs: 4.1%
• End-of-Life programs on average PC no longer patched by the vendor: 3.9%

Particularly interesting: "In the US, 79% of PC users who use Secunia PSI had Microsoft XML Core Services installed in Q3 2013. 50 % of these users had not patched the program, even though a patch is available. This means that an estimated 39.5 % of US PCs are made vulnerable by MSXML 4." Give the related Secunia blog post a read for more details as to why. Then get on with patching and removing that EOL software, folks. :-)