Microsoft code not the security sieve sysadmins should be worried about

The gap between software patched by IT departments and the applications cyber-criminals actually target is leaving organisations at a greater risk of attack.

And despite BOFHs' efforts to keep Microsoft-supplied packages up to date, non-Redmond software is almost exclusively responsible for the growth in vulnerabilities. That's according to an annual study by Secunia, which was published on Tuesday.

The security biz reported that the share of third-party vulnerabilities on a typical employee's computer increased from 45 per cent in 2006 to 78 per cent in 2011, leaving 12 per cent of the security bugs in operating systems and 10 per cent in Microsoft code. Of 800 end-point vulnerabilities logged by Secunia last year, the Danish firm rated more than half as either "highly" or "extremely" critical.