
A quarter of all PCs running Windows are using outdated and unsupported versions of Internet Explorer.

Researchers from Duo Security analysed data from over two million devices and found a significant number of Windows PCs are still running an unsupported version of Internet Explorer, especially on Windows XP, potentially leaving those PCs open to malware, data breaches and credential theft.

Microsoft stopped supporting any version of Internet Explorer prior to version 11 in January this year, meaning that many still using IE 8, IE 9 or IE 10 (there are some exceptions) will not be protected against new vulnerabilities and exploits.

While overall fewer than five percent of Windows users are running Internet Explorer 7 or 8, the number of users running these outdated browsers massively jumps for those still using Windows XP - half of PCs on the OS are still running IE 7 or IE 8.

Duo Security's 'The Current State of Device Security' report appears to suggest that the most efficient way to avoid these Internet Explorer vulnerabilities is by downloading Google's self-updating Chrome browser.

"Google's Chrome browser rolls out updates automatically to their users, making it easier to stay up to date and protected against the latest vulnerabilities. Chrome also blocks Flash advertisements by default, which can reduce the risk of malware infection," researchers say.

The report also notes that Adobe Flash is "notoriously susceptible to many very critical and prolific vulnerabilities" with over 300 being reported in just 2015 alone.

"If just one device on your network is running an outdated version of Flash, they could be exploited to run malware your company's apps and systems, allowing them to steal confidential data from your company," the report says, noting that this is a problem because 72 percent of versions of Java and 60 percent of versions of Flash are out of date.

The failure to patch Flash and Java, combined with the significant number of machines which continue to run obsolete versions of Internet Explorer and Windows, presents a significant risk to cybersecurity, the report warns.

"Our data indicates a high rate of out-of-date and vulnerable endpoints that can expose your company's apps and data to malware, credential theft, and a potential data breach," say researchers.

The report - which is based on an analysis of two million devices used in a business environment - also suggests users should disable Java and prevent Flash from running on corporate devices and, where possible, enforce this on user-owned devices.
