About 92% of Microsoft software vulnerabilities could be eliminated by running Windows users with ‘standard’ rather than ‘administrator’ rights, a new report states.
According to an analysis by privilege management firm Avecto, eliminating admin rights can also remove 96% of critical vulnerabilities affecting Windows OS, 91% on Microsoft Office, and a total 100% on Internet Explorer browser.
Avecto co-founder and EVP Paul Kenyon said it’s astounding just how many vulnerabilities can be overcome by the removal of admin rights.
"The dangers of admin rights have been well documented for some time, but what’s more concerning is the number of enterprises we talk to that are still not fully aware of how many admin users they have," Kenyon said.
"Without clear visibility and control, they are facing an unknown and unquantified security threat."
"Awareness of the importance of privilege management is growing, but we need to get to the point where it’s a standard measure for all organisations.
"These findings make it clear that it’s a critical element of an endpoint security strategy that just cannot be ignored."
The report added that about 60% of the 333 vulnerabilities reported by Microsoft in 2013 could have been redeemed by removing admin rights, while over half of the detected vulnerabilities involved Remote Code Execution.
In addition, if the malware infects a system running Windows users with ‘administrator’ rights, it would damage local as well as wider network.
"This analysis focuses purely on known vulnerabilities, and cyber criminals will be quick to take advantage of bugs that are unknown to vendors," Paul added.
"Defending against these unknown threats is difficult, but removing admin rights is the most effective way to do so."