Balle said that scans of business computers for unpatched applications reveal the same user behaviour that inspections of consumer computers expose.
"The vulnerable applications tend to be more business-like in nature, exploiting flaws in enterprise software and devices rather than media players," he said.
"However, the overall picture is the same. The operating systems, browsers and Microsoft applications in general appear to be updated fairly regularly. But all other applications seem to be forgotten, or receive too low a priority given the severity of the issues."
Part of the problem may be due to the fact that many application vendors don't bake in automated security update mechanisms, leaving it up to users to first recognise the seriousness of a vulnerability and then search for, download and install a patch. Or if vendors do offer automatic patching, updates are done irregularly or not frequently enough. In contrast, QuickTime updater on Windows checks for updates on a default weekly schedule.