IT departments are dragging their feet on patching vulnerabilities. A new survey from Qualys, a company that provides security risk solutions, found that nearly 50 percent of the respondents take at least a month to fix problems.

That means that a system is open for attack for a month from hackers trolling cyberspace looking for prey, and that's bad news for small and medium-sized companies, in particular.

The majority of vulnerabilities are now found in client-side applications, with most targeted attacks hitting Adobe Acrobat/Reader and Microsoft Word, eWeek.com reports.

"Businesses have to test the patch deployment to assure that patches do not break existing applications," Qualys CTO Wolfgang Kandek told eWeek.com. "At the same time, attackers are getting better [able] to explore new vulnerabilities ever faster."

Another study, released by security company Trusteer, reported that three-quarters of the 2.5 million users scanned by the company are running vulnerable versions of Flash and Acrobat reader. Just from these surveys, it's clear that companies are going to have to bite the bullet and find a way to act more quickly to plug the holes and secure their systems.

For more on how companies deal with vulnerabilities:
- check out this eWeek.com article

Related Articles:
Researchers hijack computer software update process
Microsoft plans out-of-band patch this Tuesday
Microsoft stock dips when patches are released
Unpatched web browsers a security threat