Software Vulnerabilities in the US: Oracle Java JRE, VLC Player & Adobe Reader in Top Three

A recent report from Flexera Software shows that, as of the 2nd Quarter of 2016, the number of unpatched Windows systems has dropped by more than 50% in the last 12 months. However, users still have a lot of exposed vulnerabilities among their installed software programs.

These stats, which I will summarize below, are in Flexera's 2nd Quarter report, which is based on data collected by their Personal Software Inspector program. According to Flexera, they have data points from millions of users to collate and average out the number of installed programs and their patched/unpatched status on personal computers around the world.

The reason I find them interesting to share with IT Pros is that the vast majority of your users go home to a personal computer or laptop and likely do work on it. Once that work is done, the completed document is either transferred through the cloud or via a USB flash drive to a work system. That makes it very important that you remain abreast of the trends in computer security and vulnerability with unpatched software and, in turn, develop policies that help to ensure the integrity of your network.

Flexera has reports on several areas around the globe, but I am going to focus on the US-based statistics.

Here is the breakdown:

Typical PC User

  • Has 74 installed programs from 26 different companies
  • 42% (31 of 74) are from Microsoft
  • 58% (43 of 74) are from other companies
  • 5.5% of the operating systems (Windows Vista, 7, 8, 10) are unpatched
  • 13.5% of other vendor programs and 4.3% of Microsoft software are unpatched
  • 6.8% of the programs on systems have reached end of life status and are no longer patched by the vendor

Where Vulnerabilities Originate (Image via Flexera Software Q2 2016 Report)

The programs that are most likely to be unpatched include:

  • PuTTY 0.x (68%)
  • Adobe Reader XI (65%)
  • VLC Media Player (60%)

However, when you list those unpatched programs by market share the list changes a bit:

  • Oracle Java JRE 1.8x/8.x - 46% market share; 49% unpatched; 67 vulnerabilities
  • Apple iTunes 12.x - 43% market share; 31% unpatched; 130 vulnerabilities
  • Adobe Acrobat Reader DC 15.x - 42% market share; 12% unpatched; 215 vulnerabilities

The top three software programs that have reached end of life and are no longer being supported include:

  • Adobe Flash Player 21.x - 84% market share
  • Microsoft XML Core Services (MSXML) 4.x - 65% market share
  • Microsoft SQL Server 2005 Compact Edition - 62% market share

One positive takeaway from the Flexera data, which I quickly mentioned at the top of this article, is that the rate of unpatched Windows-based operating systems dropped by more than 50%, from 13.2% in Q2 2015 to just 5.5% in Q2 2016.

You can download and read the entire Flexera US Country Report from their website. No sign up is needed to access all of their reports.
