Outdated Windows operating systems and applications are still par for the course in many enterprises today.

DuoSecurity studied some 1.26 million Microsoft Windows endpoint devices of its business customers, and found a disturbing chunk of old-school software in use. Tens of thousands of devices in the sample are running Windows XP, for example, and one-fifth of Internet Explorer browsers are out-of-date.

"What was most surprising to me was the browser data: 20% of all IE we see are older, non-supported versions," says Mike Hanley, director of security at DuoSecurity. "My hunch is that because they have this legacy application that, [for example], only works with IE 8, they continue to use IE 8," he says. It can be pricey for enterprises to update their legacy apps for a new browser version.

Among the other Microsoft endpoint findings by DuoSecurity:

·         65% of all Windows devices run Windows 7

·         98% of IE devices have Java installed

·         62% of IE devices have an outdated version of Adobe Flash installed

Hanley says the majority Windows 7 operating system wasn't too surprising, but it was disappointing. "A fully patched Windows 7 machine versus a fully patched Windows 10 machine" isn't the same thing, he says. "Windows 10 comes with more sophisticated security."

Windows 10 comes with an updated BitLocker feature that encrypts the entire hard drive as well as individual files, for example, plus the new Device Guard function that only allows trusted code to run on the machine.

Outdated OSes and applications obviously leave endpoints at risk. IE versions 8, 9, and 10, for example, are no longer supported by Microsoft, so users of these older versions could be a the mercy of older vulnerabilities and exploits. Most of the IE users in the sample—80%- run IE 11, and just 3%, Edge, according to Duo's report.

The XP devices in the sample were mostly desktops and laptops, not the usual suspects of kiosks or other devices.

A bit of good news from the survey: "Legacy IE usage has actually dropped off. Even if they're not running Windows 10, they are at least not using IE 8 as much," Hanley says, which is an improvement from data gathered by his firm earlier this year.

Related Content: