Duo News & Press

Press Release
May 10th, 2016

Duo Security Finds a Quarter of Windows Devices are Exposed to 700 Vulnerabilities

Research Points out the Concerning Lack of Device Security in the Enterprise

Duo Security, a cloud-based trusted access provider protecting the world’s largest and fastest-growing companies, has analyzed data from over two million devices used by businesses around the world to determine the general security health of devices in the enterprise. Most concerning of the findings is that 25 percent of all Windows devices are running outdated and unsupported versions of Internet Explorer, which leaves those unpatched systems open to more than 700 vulnerabilities.

Duo research also reveals that 72 percent of Java users are running an out-of-date version, compared to 60 percent who have an outdated version of Flash. This is worrying because Flash and Java are notorious targets that attackers use in exploit kits to gain access to users' machines. Duo research indicates that users still run outdated software, Flash, and Java on devices used to access company applications, putting entire organizations at risk of data breaches.

Duo’s data analysis found that Mac users are more up to date than Windows users when it comes to operating systems. Fifty-three percent of Apple users are running either the fully patched, latest version of OS X, or the previous version, compared to 35 percent of Windows users on Windows 10 and 8.1. Apple users may be more likely to update their operating systems because these updates have been known to be quite stable. In addition, new OS X versions are free and heavily promoted by Apple.

While the full findings are concerning, mitigating these issues at an enterprise level is manageable with basic security solutions and endpoint visibility in place. “Organizations need visibility into the health of all devices accessing their business applications,” said Mike Hanley, Director of Duo Labs. “Each of these outdated devices poses a significant risk to a company. Visibility and insight will help better protect organizations against breaches.”

Duo Security recommends these steps to strengthen an organization's security hygiene:

  • Embrace the Bring Your Own Device (BYOD) trend and prepare for it by providing IT administrators with actionable data on device ownership and health to enable risk-based access control decisions.

  • Enable automatic updates for as much software as possible instead of relying on employees to manually install updates.

  • Switch to Google Chrome browsers in your organization. Chrome receives automatic and frequent updates.

  • Disable Java and prevent Flash from running automatically on corporate devices.

  • Use a Trusted Access solution with both two-factor authentication and endpoint visibility features to verify both users and devices.

About Duo Security
Duo Security is a cloud-based trusted access provider protecting the world’s fastest-growing companies and thousands of organizations worldwide, including Dresser-Rand Group, Etsy, Facebook, K-Swiss, Paramount Pictures, Random House, SuddenLink, Toyota, Twitter, Yelp, Zillow, and more. Duo Security’s innovative and easy-to-use technology can be quickly deployed to protect users, data, and applications from breaches, credential theft and account takeover. Duo Security is backed by Benchmark, Google Ventures, Radar Partners, Redpoint Ventures and True Ventures. Try it for free at

Sally Feller
PR Manager
Duo Security