News of software vulnerabilities often centers on products from well-known companies that potentially put large numbers of end users at risk.
But a new report from software solutions company Flexera Software reveals that the niche products used by specialist industries can be just as much of a problem.
It reveals that the product with the highest number of vulnerability issues between May and July this year was Philips Xper Connect, a hospital information system, which had 272 vulnerabilities. This underscores the need to extend software vulnerability management diligence across all software assets found on corporate or personal systems — not just those that are well known or most widely used.
“The healthcare industry is a prime target for hackers looking to harvest protected health information and personally identifiable information for trading in the underground markets,” says Kasper Lindgaard, director of Secunia Research at Flexera Software. “Healthcare providers, therefore, must be aware of the software vulnerabilities that may exist in their own environments, understand the criticality of those vulnerabilities and take swift and appropriate actions to patch them before exploitation occurs”.
Of course bigger software suppliers still have problems too. There were 2,686 vulnerabilities across the top 20 products in the quarter, with Microsoft the most vulnerable single vendor having 518 vulnerabilities found. The four Microsoft products in the top 20 were, perhaps unsurprisingly, all operating systems; Windows 10, Windows Server 2012, Windows 8 and Windows RT.
“The bad news is that the overall rate of vulnerabilities remains high, and specifically with respect to operating systems — underscoring the need for users to be diligent about patching their operating systems,” adds Lindgaard. “The good news is, that is exactly what is happening. In our recently released Country Reports, the number of private PC users with unpatched Windows operating systems declined to 6.3 percent, down from 12.5 percent the previous year”.
To see the results in more detail you can download Flexera’s latest Vulnerability Update from the company’s website.