Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12:09 PM
Connect Directly

Report: Yanking Admin Rights Alleviates Threats In 92% Of Critical Microsoft Vulnerabilities

Most 2008 Microsoft vulnerability bulletins say lower system privileges help protect users against new exploits and zero-day attacks, BeyondTrust report says

Revoking administrative rights from machines can mitigate attacks against most critical Microsoft vulnerabilities and in more than half of all vulnerabilities in Microsoft software, a new report released today says.

In 92 percent of the Microsoft vulnerabilities labeled "critical" in 2008 Microsoft security vulnerability bulletins, the software giant said users with administrative rights were more likely to be affected by these vulnerabilities than were those with lesser privileges, BeyondTrust states in its report. And reducing user rights was a mitigation recommendation by Microsoft in nearly 70 percent of all of its software vulnerabilities reported last year, according to BeyondTrust.

The report also found that removing admin rights helps protect organizations from the full wrath of exploits in 94 percent of all Microsoft Office vulnerabilities, 89 percent of Internet Explorer vulnerabilities, and 53 percent of Windows vulnerabilities reported last year.

"We knew the benefit of eliminating admin rights, but we were all shocked that 92 percent of the critical vulnerabilities could be mitigated by eliminating [these] rights," says John Moyer, CEO for BeyondTrust, which sells least-privilege user management software for Windows environments.

This step can serve as a preventative or stopgap measure until patches are deployed, or while an organization is evaluating the impact of patching on its applications, for instance. Plus it buys the system administrator some time to evaluate the patch. "Most companies don't want to issue patches instantaneously [until] they test their compatibility with the systems they have," Moyer says.

Mitigation, however, is not complete protection. Scott McCarley, director of marketing for BeyondTrust, says removing admin rights will "make the exploit less severe" if it hits the machine. It depends on the vulnerability, but if an exploit lets the attacker get control of the system and it's configured with administrative rights, the machine is in danger, according to McCarley. Removing admin rights reduces the risk of this type of attack, he says.

But removing admin rights isn't exactly a no-brainer for all enterprises. Some in-house applications require that the end user have admin rights, and other handy tasks like defragmenting the hard drive require those privileges as well. "If you remove admin privileges from a user, productivity will suffer if the user is not able to run apps and get his job done," McCarley says. "There are a lot if technical changes [that occur with the] removal."

Ideally, only a small number of systems administrators have admin privileges in the organization, according to BeyondTrust, and they should only use those privileges when necessary.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio


Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-07-06
The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file.
PUBLISHED: 2020-07-06
PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor.
PUBLISHED: 2020-07-06
It's possible to inject JavaScript code via the html method.
PUBLISHED: 2020-07-06
It's possible to use <<script>script> in order to go over the filtering regex.
PUBLISHED: 2020-07-06
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists.