8% of Virtual Devices Are Free of Security Flaws

The way companies work is constantly changing as we move steadily into the digital age. Virtual devices are now commonplace: they are an inexpensive and relatively easy way for software providers to distribute their products, and customers end up deploying them in public and private cloud environments. If everything were done properly, this would not be a problem. In practice, only 8% of virtual devices are free of security flaws.

Recent research has shown that these types of devices frequently have exploitable and fixable vulnerabilities. What is more, they sometimes run on outdated or unsupported operating systems, which exacerbates the problem.

Virtual device health security report

The report was produced by Orca Security. The company offers solutions that detect important risks to cloud security. Its tools scan assets in the cloud and show vulnerabilities, malware, incorrect configurations, risk of lateral movement, and weak or leaked passwords.

To conduct this study, Orca Security analyzed 2,218 virtual appliance images from 540 software vendors. The images were searched for known vulnerabilities and other risks in order to provide an objective assessment score and classification. After the final scan, 401,571 vulnerabilities had been found. That is a significant number, and only 8% of virtual devices had no security flaws.

Users believe that virtual devices are free from security risks. However, that is far from the truth. There are many vulnerabilities, and on top of them come unmaintained operating systems.

Critical vulnerabilities

The Orca Security 2020 Virtual Appliance Security Status report makes clear that companies need to be vigilant about testing for and closing any security gaps. Beyond that, the software industry still has a long way to go to protect its customers, since vendors often do not fix their security flaws in time. The study identified 17 critical vulnerabilities in virtual devices that are considered high risk if not properly addressed.

In addition, 56% of this type of product received a rating of failed, mediocre or poor, which points to a worrying situation for virtual devices. Among the best-known and most easily exploitable vulnerabilities we find:

  • EternalBlue.
  • DejaBlue.
  • BlueKeep.
  • DirtyCOW.
  • Heartbleed.

One worrying fact is that only 8% of virtual devices were free of known vulnerabilities.

Outdated software increases risk

The study also revealed that most suppliers are not updating or recalling their products at the end of their useful life (EOL, or End Of Life).

As a result, 47% of virtual devices have not received an update in the last year. Another alarming fact is that 16% of these types of devices had not received an update in the last three years or were using outdated operating systems. Unsurprisingly, security flaws accumulate as products age and approach EOL, and the security rating decreases as products age without being updated.

The report helped improve the situation

The Orca Security researchers sent emails to each software vendor informing them of the security flaws. This gave them the opportunity to improve the security of their products.

Thanks to this, some companies took the problem seriously and went to work to fix their vulnerabilities. As a direct result of this Orca Security study, vendors reported that 36,938 of the 401,571 vulnerabilities had been removed by patching or discontinuing the sale of those virtual appliances. In addition, as a result of this report, 53 products were withdrawn from distribution and another 287 were updated.