ANN ARBOR — Duo Security, the Ann Arbor-based security products and services provider, has announced new results from a survey, “Trusted Access Report: Microsoft Edition.”
And the findings were scary enough for Halloween. They included:
* Sixty-five percent of all Windows devices are still running Windows 7, which was released in 2009 and has about 600 known security vulnerabilities.
* Tens of thousand of devices are still running Windows XP, 15 years after its release. This represents more than 700 vulnerabilities, 200 of which are rated as high-to-critical.
* Twenty percent of devices running Internet Explorer are running unsupported versions 8, 9 and 10. IE versions 8 through 10 have reached end-of-life status without the ability to receive security patches, leaving them susceptible to old exploits. Of all devices running Microsoft browsers, only 3 percent are using the latest, Edge.
“The majority of users on Microsoft operating systems and browsers are failing to take advantage of the latest and greatest security updates and capabilities, leaving them open to potential attacks,” said Duo’s Director of Security, Mike Hanley. “This creates a risky proposition for out-of-date devices accessing sensitive cloud services and applications.”
To analyze the current state of device security, Duo analyzed more than two million devices, 63 percent of which were running Microsoft operating systems.
In its analysis, Duo also found:
* Nearly 62 percent of devices running IE have an old version of Flash installed, potentially making them susceptible to compromise by an exploit kit containing code for Flash vulnerabilities.
* Ninety-eight percent of devices running IE have Java installed. Businesses have legacy and custom applications that rely on Java. Java remains a top target of attackers.
* Forty-two percent of all devices analyzed used Microsoft services, including Remote Desktop Protocol, Outlook Web Access, and Remote Desktop Gateway.
To protect against these vulnerabilities, Duo recommends:
* Switch to modern browser platforms that are more secure, such as Edge, or those that update more frequently and automatically, such as Google Chrome
* Run regular security updates as well as emergency patches
* Use device encryption, passwords and fingerprint ID
* Implement a two-factor authentication solution to protect systems and data
* Enable automatic updates for as much software as possible to make it easier for your users
* Disable Java and prevent Flash from running automatically on corporate devices, and enforce this on user-owned devices through endpoint access policies and controls
To protect environments from multiple attack vectors, Duo has taken a holistic approach to security. Its Trusted Access solution verifies the health of users’ identities and the security health of their devices before granting access to authorized applications.
The full 2016 Duo Trusted Access Report: Microsoft Edition can be found at duo.sc/microsoft-edition.
Duo provides cloud-based tech security to thousands of organizations worldwide, including Dresser-Rand Group, Etsy, NASA, Facebook, K-Swiss, Paramount Pictures, Random House, SuddenLink, Toyota, Twitter, Yelp, Zillow, and more. Try it for free at www.duo.com.