A study conducted by Spiceworks found over two-thirds of organizations are running unsupported versions of Microsoft Office software, exposing them to potential cyber-attacks.
1,100 IT pros in the US, Canada, and the UK were polled and an overwhelming 68% admitted to still running some instances of Office 2007, even though support ended for this version in October 2016. Even worse? 46% admitted to running Office 2003; 21% Office 200; 15% Office XP (2002 Version); and even 3% claim to still be running Office 97.
It was concluded that mid-sized firms (100-1,000 employees) were more likely to run Office 2007, while larger organizations usually have more funds to keep up to date with the latest software.
According to the National Cyber Security Centre, outdated software creates two major issues from a security perspective:
1. The software will no longer receive security updates from developers, increasing the likelihood that exploitable vulnerabilities will become known to attacks
2. The latest security mitigations are not present in older software, increasing the impact of vulnerability, making exploitation more likely to succeed, and making detection of any exploit more difficult
It’s hard to believe after the recent WannaCry and NotPetya ransomware attacks that these many organizations continue to run outdated software knowing the risks they face. The WannaCry ransomware attack infected over 230,000 victims in more than 150 countries, as the ransomware was designed to ‘worm’ around networks, infecting all vulnerable systems on the network.
As mentioned earlier, the problem with running outdated software is not just the lack of new features or improved functionality, it’s the known and exploitable vulnerabilities found within them. This problem can be even worse if found operating in a corporate IT environment, then you are posing a risk to the entire network.
Read this article in InfoSecurity Magazine