Organisations could dramatically cut their exposure to vulnerabilities in Microsoft software simply by limiting Windows admin rights, an analysis by BeyondTrust has reminded the world.
According to flaw data drawn from Microsoft’s security bulletins throughout 2010, removing admin rights for users of Office and Internet Explorer would have mitigated security worries in 100% of cases for those applications.
Overall, of the 256 vulnerabilities published by the company during the year, 163, or 64%, would have been mitigated by removing admin rights. On the operating system side, 76 out of 162 flaws could be avoided using the same tactic.
Of the 142 Windows 7 flaws ever made public, 42% would be mitigated by removing admin rights.
The idea of removing or limiting admin rights is not a new one but is not simple to implement. Admin rights are often left on in Windows and managed through User Account Control (UAC) because restricting them causes problems for some applications, including legacy apps that assume such rights.
BeyondTrust’s long-standing solution is a product called PowerBroker for Desktops, which admins can use to define rights on an app-by-app or process-by-process basis, but always while keeping them to a minimum.
“Microsoft does a great job identifying and patching those vulnerabilities, but the pure number demonstrates the
 
					

 
                          

