Security News

Removing Admin Privileges Mitigates 97% of Critical Microsoft Vulnerabilities

Analysis of Microsoft Patch Tuesday releases from last year reveals that 97% of the critical vulnerabilities patched could be mitigated by removing administrative rights for users, according to the 2014 Microsoft Vulnerabilities Report.

As the chart shows, the vast majority of the critical vulnerabilities would allow attackers to remotely execute code on targeted systems, and removing admin rights would have reduced risks from the majority of those flaws.

“The results also revealed that removing admin rights would mitigate 98% of critical vulnerabilities affecting Windows operating systems, 95% of critical vulnerabilities affecting Microsoft Office and 99.5% of vulnerabilities in Internet Explorer,” the researchers said.

“Furthermore, 80% of all Microsoft vulnerabilities – regardless of severity ranking – could be mitigated by removing admin rights.”

The team analyzed all the Microsoft security bulletins issued in 2014 and found that the number of vulnerabilities (242) with a “critical” rating had increased 65% over the number issued in 2013.

“User accounts with admin privileges are primary targets for exploit, as they provide unrestricted access to an endpoint, enabling malware to bury itself deep inside the operating system, cloak itself from detection and then spread more readily across the network,” the researchers said.

“Employees with admin rights have the ability to install, modify and delete software and files. They can also change system settings, potentially introducing even more vulnerabilities.”

The team says that privilege management is the first step every organization should take to improve the security of all vulnerable endpoints, as it clearly can mitigate the majority of exploits, particularly when combined with proactive strategies like having good application controls and patch management.

“There is a misconception that passive tools, like detection technologies, can provide adequate protection, and yet evidence clearly demonstrates that organizations can no longer afford to rely on reactive strategies to deal with the advanced nature of so many attacks,” said Paul Kenyon.

“Time and time again, the removal of admin rights proves to be a simple and effective threat mitigation strategy – and yet many businesses are still overlooking this fundamental practice.”
