Secunia report shows that users do not deploy XML Core Services updates

Jul 11, 2014 06:45 GMT  ·  By

A report published by security company Secunia for the second quarter of 2014 in the United Kingdom reveals that 40 percent of the programs running on a Briton's computers are developed by Microsoft, but some of them remain vulnerable to attacks because users simply do not install patches released by the company.

According to Secunia data, 31 of 76 programs running on a computer in the United Kingdom are developed by the software giant based in Redmond, while 9.7 percent of the consumers in the country are using unpatched operating systems, including Windows Vista, Windows 7, and Windows 8.

While it's hard to find a reason why people don't actually care more about their security, Secunia says that the different mechanism of getting the updates is at fault for users keeping their computers unprotected.

“On a typical PC, users have to master 26 different update mechanisms to patch the 76 programs on it, in order to remediate vulnerabilities: 1 single update mechanism for the 31 Microsoft programs that make up 40% of the programs on the PC; another 25 different update mechanisms to patch the remaining 45 programs (60%) from the 25 so-called third-party vendors whose products are on the PC, and who each have a unique update mechanism,” Secunia said in a report published today (PDF viewer required to open the document).

Microsoft XML Core Services (MSXML) 4.x is the software component found on 74 percent of the computers in the United Kingdom, but according to Secunia data, most users are running an older version that's obviously vulnerable to attacks and could expose data.

The reason is the same different update system that's not based on Windows Update, which means that users are required to get the new version manually, thus making it harder especially in the case of beginners.

“The reason MSXML is topping the list is because of the way updates for the software are being handled: Normally, patches for Microsoft products are offered through Windows Update, but in the case of MSXML, patches are only offered for MSXML Service Pack 3. Since older MSXML Service Packs are considered End-of-Life, users are not being offered patches as they normally would,” Kasper Lindgaard, director of research and security at Secunia, said.

Internet Explorer 11, .NET Framework 3.x and 2.x are also among the most popular solutions in the United Kingdom, most of which have already been patched several times by Microsoft. This time, however, Redmond rolled out fixes via Windows Update, so consumers have no excuse for running an older version.