Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12:09 PM
Connect Directly

Report: Yanking Admin Rights Alleviates Threats In 92% Of Critical Microsoft Vulnerabilities

Most 2008 Microsoft vulnerability bulletins say lower system privileges help protect users against new exploits and zero-day attacks, BeyondTrust report says

Revoking administrative rights from machines can mitigate attacks against most critical Microsoft vulnerabilities and in more than half of all vulnerabilities in Microsoft software, a new report released today says.

In 92 percent of the Microsoft vulnerabilities labeled "critical" in 2008 Microsoft security vulnerability bulletins, the software giant said users with administrative rights were more likely to be affected by these vulnerabilities than were those with lesser privileges, BeyondTrust states in its report. And reducing user rights was a mitigation recommendation by Microsoft in nearly 70 percent of all of its software vulnerabilities reported last year, according to BeyondTrust.

The report also found that removing admin rights helps protect organizations from the full wrath of exploits in 94 percent of all Microsoft Office vulnerabilities, 89 percent of Internet Explorer vulnerabilities, and 53 percent of Windows vulnerabilities reported last year.

"We knew the benefit of eliminating admin rights, but we were all shocked that 92 percent of the critical vulnerabilities could be mitigated by eliminating [these] rights," says John Moyer, CEO for BeyondTrust, which sells least-privilege user management software for Windows environments.

This step can serve as a preventative or stopgap measure until patches are deployed, or while an organization is evaluating the impact of patching on its applications, for instance. Plus it buys the system administrator some time to evaluate the patch. "Most companies don't want to issue patches instantaneously [until] they test their compatibility with the systems they have," Moyer says.

Mitigation, however, is not complete protection. Scott McCarley, director of marketing for BeyondTrust, says removing admin rights will "make the exploit less severe" if it hits the machine. It depends on the vulnerability, but if an exploit lets the attacker get control of the system and it's configured with administrative rights, the machine is in danger, according to McCarley. Removing admin rights reduces the risk of this type of attack, he says.

But removing admin rights isn't exactly a no-brainer for all enterprises. Some in-house applications require that the end user have admin rights, and other handy tasks like defragmenting the hard drive require those privileges as well. "If you remove admin privileges from a user, productivity will suffer if the user is not able to run apps and get his job done," McCarley says. "There are a lot if technical changes [that occur with the] removal."

Ideally, only a small number of systems administrators have admin privileges in the organization, according to BeyondTrust, and they should only use those privileges when necessary.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-12-12
Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution.
PUBLISHED: 2019-12-12
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP ...
PUBLISHED: 2019-12-12
An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted.
PUBLISHED: 2019-12-12
A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrat...
PUBLISHED: 2019-12-12
The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS.