Report: 92 Percent Of Critical Microsoft Vulnerabilities Are Mitigated By Eliminating Administrator Rights -- Security Today

Report: 92 Percent Of Critical Microsoft Vulnerabilities Are Mitigated By Eliminating Administrator Rights

Feb 05, 2009

BeyondTrust Corp. recently published research findings stating that the removal of administrator rights from Windows users is a mitigating factor for the vast majority of all Microsoft software vulnerabilities reported by Microsoft in 2008.

The results demonstrate that by configuring users as standard users, companies can better protect themselves against malware and zero-day threats. Complete findings and methodology can be found online in a new report, titled “Reducing the Threat from Microsoft Vulnerabilities.”

BeyondTrust’s findings show that among the 2008 Microsoft vulnerabilities given a “critical” severity rating, 92 percent shared the same best practice advice from Microsoft to mitigate the vulnerability: “Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

This language, found in the “Mitigating Factors” portion of Microsoft’s security bulletins, also appears as a recommendation for reducing the threat from nearly 70 percent of all vulnerabilities reported in 2008.

Other key findings from BeyondTrust’s report show that removing administrator rights will better protect companies against the exploitation of:

94 percent of Microsoft Office vulnerabilities reported in 2008.
89 percent of Internet Explorer vulnerabilities reported in 2008.
53 percent of Microsoft Windows vulnerabilities reported in 2008.

Further illustrating the benefits to enterprises of removing administrator rights from users, a recent Gartner report states: “The Gartner TCO model shows a significant reduction in TCO between a managed desktop where the user is an administrator, compared with a desktop where the user is a standard user. Among the most remarkable observations is that the model shows a 24 percent decrease in the amount of IT labor needed for technical support.”

The complete report can be viewed at http://www.beyondtrust.com/documentation/whitePapers/wp_VulnerabilityReport.pdf.

Featured

Browser-Based AI Agents: The Silent Security Threat Unfolding

Some of the most revolutionary advances in artificial intelligence include browser-based AI agents, which are self-sustaining software tools integrated into web browsers that act on behalf of individuals. Read Now
- Cybersecurity
Report: Cybercriminals Abandon Tech Tricks for Personalized Email Deception Tactics

VIPRE Security Group, a cybersecurity, privacy, and data protection company, has released its email threat landscape report for Q2 2025. Through an examination of worldwide real-world data, this report sounds the alarm on the most significant email security trends observed in the second quarter of 2025, enabling organizations to develop effective email security defenses for the remainder of the year. Read Now
- Cybersecurity
AI-Generated Code Poses Major Security Risks in Nearly Half of All Development Tasks

Veracode, a provider of application risk management, recently unveiled its 2025 GenAI Code Security Report, revealing critical security flaws in AI-generated code. The study analyzed 80 curated coding tasks across more than 100 large language models (LLMs), revealing that while AI produces functional code, it introduces security vulnerabilities in 45 percent of cases. Read Now
- Artificial Intelligence
- Cybersecurity
Unlocking the Possibilities

Security needs continue to evolve and end users are under pressure to address emerging risks and safety concerns. For many, that focus starts with upgrading perimeter openings and layering technologies—beginning at the door. Read Now
- Access Control
- Dealers and Integrators
Freedom of Choice

In today's security landscape, we are witnessing a fundamental transformation in how organizations manage digital evidence. Law enforcement agencies, campus security teams, and large facility operators face increasingly complex challenges with expanding video data, tightening budget constraints and inflexible systems that limit innovation. Read Now
- Video Surveillance

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Camden CM-221 Series Switches

Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.
Camden CV-7600 High Security Card Readers

Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.
Compact IP Video Intercom

Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.