Eighty-one percent of corporate endpoints probed by IT security and control product vendor Sophos failed basic security tests: They either lacked Microsoft security patches, their client firewalls were disabled, or they missed endpoint security software updates.

For 40 days, Sophos ran its Endpoint Assessment Test, a free online scanning service that checks for endpoint security vulnerabilities. The Endpoint Assessment Test was performed against 583 corporate endpoints from around the world. North America represented 39 percent of the sample base, while the U.K. made up 36 percent, and Australia and Germany were 11 percent and nine percent respectively (five percent were from other countries).

Test results showed that 63 percent were missing at least one Microsoft security patch; more than half (51 percent) of endpoints tested had their client firewalls disabled, and 15 percent had out-of-date or disabled endpoint security software.

"Ultimately, machines that fail such a test represent 'low hanging fruit' for cybercriminals and a real danger to their corporate networks," Bill Emerick, vice president of product management for Network Access Control, said in a statement.

Sophos says thirty-nine percent of those tested were part of an organization with fewer than 100 employees; 36 percent had between 100 and 1,000 employees; and 25 percent were from organizations with more than 1,000 employees.