To assess the current state of device security, Duo Security analyzed more than two million devices, 63 percent of which were running Microsoft operating systems.
Researchers found that 65 percent of all Windows devices are running Windows 7, which is affected by approximately 600 security vulnerabilities.
To make things even more dangerous, tens of thousands of devices are still running Windows XP, 15 years after its release. This represents more than 700 vulnerabilities, 200 of which are rated as high-to-critical.
- Nearly 62 percent of devices running IE have an old version of Flash installed, potentially making them susceptible to compromise by an exploit kit containing code for Flash vulnerabilities.
- Ninety-eight percent of devices running IE have Java installed. Businesses have legacy and custom applications that rely on Java. Java remains a top target of attackers.
- Forty-two percent of all devices analyzed used Microsoft services, including Remote Desktop Protocol, Outlook Web Access, and Remote Desktop Gateway.
“Malicious actors rely on outdated and unpatched software, including operating systems, so they can automate malware distribution because they can save time and money – thereby increasing their profits,” Stephen Singam, Managing Director, Security Research at Distil Networks, told Help Net Security.
“Reports like this are alarming because there is clearly a dangerously high number of devices that are worth targeting. The likelihood of one of these devices being compromised and subsequently added to a botnet is high and the likelihood of the owner of the device knowing their device has been compromised is low,” Singam added.