Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

2/3/2009
12:09 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Report: Yanking Admin Rights Alleviates Threats In 92% Of Critical Microsoft Vulnerabilities

Most 2008 Microsoft vulnerability bulletins say lower system privileges help protect users against new exploits and zero-day attacks, BeyondTrust report says

Revoking administrative rights from machines can mitigate attacks against most critical Microsoft vulnerabilities and in more than half of all vulnerabilities in Microsoft software, a new report released today says.

In 92 percent of the Microsoft vulnerabilities labeled "critical" in 2008 Microsoft security vulnerability bulletins, the software giant said users with administrative rights were more likely to be affected by these vulnerabilities than were those with lesser privileges, BeyondTrust states in its report. And reducing user rights was a mitigation recommendation by Microsoft in nearly 70 percent of all of its software vulnerabilities reported last year, according to BeyondTrust.

The report also found that removing admin rights helps protect organizations from the full wrath of exploits in 94 percent of all Microsoft Office vulnerabilities, 89 percent of Internet Explorer vulnerabilities, and 53 percent of Windows vulnerabilities reported last year.

"We knew the benefit of eliminating admin rights, but we were all shocked that 92 percent of the critical vulnerabilities could be mitigated by eliminating [these] rights," says John Moyer, CEO for BeyondTrust, which sells least-privilege user management software for Windows environments.

This step can serve as a preventative or stopgap measure until patches are deployed, or while an organization is evaluating the impact of patching on its applications, for instance. Plus it buys the system administrator some time to evaluate the patch. "Most companies don't want to issue patches instantaneously [until] they test their compatibility with the systems they have," Moyer says.

Mitigation, however, is not complete protection. Scott McCarley, director of marketing for BeyondTrust, says removing admin rights will "make the exploit less severe" if it hits the machine. It depends on the vulnerability, but if an exploit lets the attacker get control of the system and it's configured with administrative rights, the machine is in danger, according to McCarley. Removing admin rights reduces the risk of this type of attack, he says.

But removing admin rights isn't exactly a no-brainer for all enterprises. Some in-house applications require that the end user have admin rights, and other handy tasks like defragmenting the hard drive require those privileges as well. "If you remove admin privileges from a user, productivity will suffer if the user is not able to run apps and get his job done," McCarley says. "There are a lot if technical changes [that occur with the] removal."

Ideally, only a small number of systems administrators have admin privileges in the organization, according to BeyondTrust, and they should only use those privileges when necessary.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
What the FedEx Logo Taught Me About Cybersecurity
Matt Shea, Head of Federal @ MixMode,  6/4/2021
Edge-DRsplash-10-edge-articles
A View From Inside a Deception
Sara Peters, Senior Editor at Dark Reading,  6/2/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34682
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-31811
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-32552
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.
CVE-2021-32553
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.