Almost nine out of 10 security flaws discovered on PCs running Windows were due to vulnerable third-party applications rather than pre-installed Microsoft software.
That's according to a report by security expert Secunia, which examined the security of the 50 most-used Windows applications in 2012.
Further reading
Computing research: Industrial control systems under attack Adobe issues fix for zero-day Flash vulnerabilities 2013 will see more Stuxnet and Flame-like malware attacks, says AVG CTO Third party applications – a chink in your armour
Secunia discovered that 86 per cent of vulnerabilities come from non-Microsoft software, despite Microsoft products accounting for almost two-thirds of the top 50 most used software programs on average.
Google Chrome was found to have the most vulnerabilities with 291, followed by Mozilla Firefox with 257 and Apple iTunes with 243. The most vulnerable Microsoft product is Windows 7 itself, ranked by Secunia as seventh most vulnerable, with Internet Explorer ninth with 41.
The 86 per cent of vulnerabilities in third-party applications marks an increase on 2011, which saw 78 per cent of flaws arise from non-Windows based software. The research demonstrates the importance that IT departments must place on patching software for all applications and not just those in the Windows ecosystem.
"Companies cannot continue to ignore or underestimate non-Microsoft programs as the major source of vulnerabilities that threaten their IT infrastructure and overall IT-security level," said Morten Stengaard, Secunia's director of product management.
"The number of vulnerabilities is on the increase, but many organisations continue to turn a blind eye, thereby jeopardising their entire IT infrastructure. It only takes one vulnerability to expose a company, and no amount of processes and technology that supports operating systems and Microsoft programs will suffice in providing the required level of protection," he added.
Many of the vulnerabilities discovered can be eradicated through the use of patching. The latest Secunia Vulnerability Review indicates that 84 per cent of security flaws received patching on the day of disclosure, up from 72 per cent in 2011.
However, there's no reason for application vendors to believe they're getting on top of the security problem, with reports of vulnerabilities in the 50 most popular PC programs up 98 per cent - almost doubling in the past five years.
The finding by Secunia that Microsoft products are only responsible for a minority of vulnerabilities, comes shortly after research by network security solutions provider Sourcefire suggested that Firefox is the most vulnerable internet browser.
"One of the conclusions that we saw was Internet Explorer's bad reputation might not be completely deserved because Firefox actually has a lot more vulnerabilities," Dr Yves Younan, senior research engineer in Sourcefire's Vulnerability Research Team told Computing.
