More than one in ten PC users have not patched their machines against the Conficker virus, says Sophos.
The research comes from the security vendor's Endpoint Assessment Test - a free tool that scans computers and assesses whether they present a security risk for an organisation.
Sophos revealed that 11 percent of PC users that have taken the test did not have the Microsoft MS08-067 patch installed, which protects against the worm.
"We would have hoped that computer users would have woken up to the threats and installed this patch," said Graham Cluley, senior technology consultant at Sophos.
"Not only has the patch been available since last October, there's also been so many reports on the potential consequences of failing to patch. This is pretty depressing news."
See also: 20% of business PCs exposed by Conficker