Admin rights underpin many Windows exploits, analysis finds

Including 100 percent of IE flaws

Organisations could dramatically cut their exposure to vulnerabilities in Microsoft software simply by limiting Windows admin rights, an analysis by BeyondTrust has reminded the world.

Using flaw data drawn from Microsoft's security bulletins throughout 2010, removing admin rights for users of Office and Internet Explorer would have mitigated security worries in 100 percent of cases.

Overall, of the 256 vulnerabilities published by the company during the year, 163, or 64 percent, would have been mitigated by removing admin rights. On the operating system side, 76 out of 162 flaws could be avoided using the same tactic.

Of the 142 Windows 7 flaws ever made public, 42 percent would be mitigated by removing admin rights.

The idea of removing or limiting admin rights is not a new one but is not simple to implement. Admin rights are often left on in Windows and managed through User Account Control (UAC) because restricting them causes problems for some applications, including legacy apps that assume such rights.

BeyondTrust's long-standing solution is a product called PowerBroker for Desktops which admins can use to define rights on an app-by-app or process-by-process basis, but always while keeping them to a minimum.

"Microsoft does a great job identifying and patching those vulnerabilities, but the pure number demonstrates the volume of vulnerabilities in some of the most common business software in the enterprise," said BeyondTrust's director of program management, Peter Beauregard.

If buying a software product to manage admin rights for one company's products doesn't appeal, a second argument is that limiting the same rights will also protect against a percentage of unknown vulnerabilities as well, he said. That would include non-Microsoft vulnerabilities that exploit the same privilege escalation design.

"Patching alone doesn't protect the enterprise, because so many vulnerabilities are undiscovered and others could take weeks to patch. Removing administrative privileges from users is the only way to eliminate the vast majority of risk that comes from these vulnerabilities," said Beauregard.

One dimension not addressed by the report is the situation of consumers who run Windows with admin privileges turned on by default. For this section of the Windows population, the only resort is a well of skepticism and the willingness to click 'no' when the Windows UAC interface throws up a request for admin rights.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags BeyondTrustMicrosoftsecuritysoftwareoperating systems

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John E Dunn

Techworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?