Outdated plug-ins running wild within Enterprise operationsby Steve Ragan - Aug 23 2011, 14:00
Cloud-based security vendor, Zscaler, compiling data for their Q2 threat assessment report, discovered that Enterprise operations are still outdated browser plug-ins, exposing them to needless risk.
Nearly every browser these days uses a plug-in of some kind. Zscaler, taking anonymous samples from Enterprise clients, discovered that three of the most common plug-ins used were also three of the most vulnerable, remaining unpatched and leaving the system exposed to potential trouble. Moreover, most users were not aware of the plug-ins currently installed.
The top five plug-ins used by Enterprise customers in the Q2 report were Adobe Flash (94-percent), Windows Media Player (86-percent), Adobe Reader (83-percent), Microsoft Outlook (83-percent), and .NET (80-percent).
However, when checking versions from the same set of data, Zscaler discovered that 56-percent of the Adobe Reader installations were outdated. This is followed by Shockwave (32-percent), Microsoft Outlook (18-percent), and Adobe Flash (8-percent), and Java (6-percent).
“Patching and updating is key to security as many attacks are not targeting browsers, but outdated plug-ins,” said Michael Sutton, VP of security research at Zscaler ThreatLabZ. “In fact, recent large hacks making headlines are thought to have been performed by compromising just one plug-in in an enterprise.”
The report - registration required - is online.