Two of every three computers are running software that contains a critical security hole, according to statistics released by vulnerability scanning company Qualys Inc.
The data, based on more than 32 million vulnerability scans, spans three years. In all, 21 million critical vulnerabilities that could allow an attacker to take over a machine or get access to sensitive data were identified in that period, said Gerhard Eschelbeck, chief technology officer at Qualys.
Not all the news is bad, though. Companies are getting better at applying software patches for those holes. The average time it took for companies to patch 50 percent of their affected systems declined from 30 days in 2003 to just 19 days this year.
For internal systems, this year companies took an average of 48 days to patch half of their affected systems. Last year, it took them 62 days to do that, Eschelbeck said.