Among the most common missing updates are those for Java, Microsoft technologies, Adobe Flash Player, Firefox and Open Office.
“From the numbers, it appears many people don’t fully understand that keeping software up-to-date is a critical component of computer and business security,” says Esa Tornikoski, Product Manager at F-Secure. “70 to 80 percent of the top ten malware detected by our Labs are exploits targeted against software vulnerabilities.”
According to the data, 49 percent of corporate PCs and laptops are missing one to four critical updates, 25 percent are missing five to nine, and 13 percent are missing ten or more.
The numbers are striking, especially with attacks on corporates and institutions via software vulnerabilities headlining the news in recent months.
The Red October malware, which stole sensitive information from governmental and research organizations as well as companies for five years until it was exposed in January, relied on exploits in Microsoft Word, Excel and Java.
These data breaches, all exploiting software vulnerabilities that have long been patched, could have been avoided simply by keeping software current.