Attacks/Breaches
2/21/2014
03:47 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Removing Admin Rights Mitigates 92% Of Critical Microsoft Vulnerabilities

New analysis of Patch Tuesday bulletins shows benefits of stripping admin rights

Manchester (UK) and Boston - February 18th, 2013 – 92% of all vulnerabilities reported by Microsoft with a critical severity rating can be mitigated by removing admin rights, according to new research from Avecto.

The market leading privilege management firm analyzed data from security bulletins issued by Microsoft throughout 2013.

The results also revealed that removing admin rights would mitigate 96% of critical vulnerabilities affecting Windows operating systems, 91% critical vulnerabilities affecting Microsoft Office and 100% of vulnerabilities in Internet Explorer.

Microsoft bulletins are issued on the second Tuesday of each month, a date known commonly as Patch Tuesday, and provide fixes for known security issues.

If malware infects a user with admin rights, it can cause incredible damage locally, as well as on a wider network. Additionally, employees with admin rights have access to install, modify and delete software and files as well as change system settings.

Paul Kenyon, co-founder and EVP of Avecto said: "It's astounding just how many vulnerabilities can be overcome by the removal of admin rights.

"The dangers of admin rights have been well documented for some time, but what's more concerning is the number of enterprises we talk to that are still not fully aware of how many admin users they have. Without clear visibility and control, they are facing an unknown and unquantified security threat."

"Awareness of the importance of privilege management is growing, but we need to get to the point where it's a standard measure for all organizations. These findings make it clear that it's a critical element of an endpoint security strategy that just cannot be ignored."

Paul concluded: "This analysis focuses purely on known vulnerabilities, and cyber criminals will be quick to take advantage of bugs that are unknown to vendors. Defending against these unknown threats is difficult, but removing admin rights is the most effective way to do so."

The full report can be downloaded here: www.avecto.com/microsoft-vulnerabilities

ENDS

Notes to editors

Methodology

The research analyzed Microsite security bulletins from 2013.

A vulnerability was classed as one that could be mitigated by removing admin rights if the following sentence was found within the executive summary: "users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative users rights."

For a more detailed overview of the methodology, please see Appendix 1 in the full report here: www.avecto.com/microsoft-vulnerabilities

About Avecto

Avecto is a leader in Windows privilege management, helping organizations to deploy secure and compliant desktops and servers.

The company has been named second fastest growing technology company in the UK and 10th fastest growing software company in the EU, Middle East and Africa, according to the 2013 Deloitte Fast 50 and Fast 500 EMEA lists.

With its award winning Privilege Guard technology, organizations can now empower all Windows based desktop and server users with the privileges they require to perform their roles, without compromising the integrity and security of their systems.

Companies of all sizes rely on Avecto to reduce operating expenses and strengthen security across their Windows based environments, reducing operating costs and improving system security.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
EbonyC129
50%
50%
EbonyC129,
User Rank: Apprentice
3/18/2014 | 4:29:21 PM
re: Removing Admin Rights Mitigates 92% Of Critical Microsoft Vulnerabilities
This is critical....here in Pitt County NC where the academic access to world class IT skills is abundant yet the geography is basically still a rural community the lure to even international cyber-criminals is abundant.....
Mostly partisan political operatives have exploited the under the radar nature of this area and local law enforcement under staffed and undereducated ranks all make for a soup of cyber-intrusion dreamland that is beyond belief.............
This is the birthing room of the recent TARGET intrusions and the home of the mass theft of thousands of US military personnel identities is yet to be understood as relates to the damage terrorist can do to the national security ......NC is flying below the radar of all the national watchdog agencies and the cost to the nation and the globe may be irreparable
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0761
Published: 2014-08-27
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.

CVE-2014-0762
Published: 2014-08-27
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line.

CVE-2014-2380
Published: 2014-08-27
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file.

CVE-2014-2381
Published: 2014-08-27
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.

CVE-2014-3344
Published: 2014-08-27
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq31129, CSCuq3...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.