Hewlett Packard security researchers reported that 44 percent of known breaches happened as a result of server misconfigurations and vulnerabilities discovered years ago. The report cites 33 percent of identified exploit samples from Microsoft Windows, 11 percent from Adobe Reader and Acrobat, 6 bugs in Oracle Java, and 2 flaws in Microsoft Office flaws.

“Our biggest message here is that we have got to start learning from our past,” Timpe said, going on to add, “We know software has vulnerabilities and vendors patch them, and when those patches are made available, they need to be applied. The best patch in the world won’t help your software if you don’t apply it.”

Source: http://www.scmagazine.com/report-shows-organizations-dont-properly-patch-systems-networks/article/399708/