Admin rights underpin many Windows exploits, analysis finds

Including 100 percent of IE flaws

Organisations could dramatically cut their exposure to vulnerabilities in Microsoft software simply by limiting Windows admin rights, an analysis by BeyondTrust has reminded the world.

Using flaw data drawn from Microsoft's security bulletins throughout 2010, removing admin rights for users of Office and Internet Explorer would have mitigated security worries in 100 percent of cases.

Overall, of the 256 vulnerabilities published by the company during the year, 163, or 64 percent, would have been mitigated by removing admin rights. On the operating system side, 76 out of 162 flaws could be avoided using the same tactic.

Of the 142 Windows 7 flaws ever made public, 42 percent would be mitigated by removing admin rights.

The idea of removing or limiting admin rights is not a new one but is not simple to implement. Admin rights are often left on in Windows and managed through User Account Control (UAC) because restricting them causes problems for some applications, including legacy apps that assume such rights.

BeyondTrust's long-standing solution is a product called PowerBroker for Desktops which admins can use to define rights on an app-by-app or process-by-process basis, but always while keeping them to a minimum.

"Microsoft does a great job identifying and patching those vulnerabilities, but the pure number demonstrates the volume of vulnerabilities in some of the most common business software in the enterprise," said BeyondTrust's director of program management, Peter Beauregard.

If buying a software product to manage admin rights for one company's products doesn't appeal, a second argument is that limiting the same rights will also protect against a percentage of unknown vulnerabilities as well, he said. That would include non-Microsoft vulnerabilities that exploit the same privilege escalation design.

"Patching alone doesn't protect the enterprise, because so many vulnerabilities are undiscovered and others could take weeks to patch. Removing administrative privileges from users is the only way to eliminate the vast majority of risk that comes from these vulnerabilities," said Beauregard.

One dimension not addressed by the report is the situation of consumers who run Windows with admin privileges turned on by default. For this section of the Windows population, the only resort is a well of skepticism and the willingness to click 'no' when the Windows UAC interface throws up a request for admin rights.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securityMicrosoftoperating systemssoftwareBeyondTrust

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John E Dunn

Techworld
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?