Report: 92 Percent Of Critical Microsoft Vulnerabilities Are Mitigated By Eliminating Administrator Rights

  • Feb 05, 2009

BeyondTrust Corp. recently published research findings stating that the removal of administrator rights from Windows users is a mitigating factor for the vast majority of all Microsoft software vulnerabilities reported by Microsoft in 2008.

The results demonstrate that by configuring users as standard users, companies can better protect themselves against malware and zero-day threats. Complete findings and methodology can be found online in a new report, titled “Reducing the Threat from Microsoft Vulnerabilities.”

BeyondTrust’s findings show that among the 2008 Microsoft vulnerabilities given a “critical” severity rating, 92 percent shared the same best practice advice from Microsoft to mitigate the vulnerability: “Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

This language, found in the “Mitigating Factors” portion of Microsoft’s security bulletins, also appears as a recommendation for reducing the threat from nearly 70 percent of all vulnerabilities reported in 2008.

Other key findings from BeyondTrust’s report show that removing administrator rights will better protect companies against the exploitation of:

  • 94 percent of Microsoft Office vulnerabilities reported in 2008.
  • 89 percent of Internet Explorer vulnerabilities reported in 2008.
  • 53 percent of Microsoft Windows vulnerabilities reported in 2008.

Further illustrating the benefits to enterprises of removing administrator rights from users, a recent Gartner report states: “The Gartner TCO model shows a significant reduction in TCO between a managed desktop where the user is an administrator, compared with a desktop where the user is a standard user. Among the most remarkable observations is that the model shows a 24 percent decrease in the amount of IT labor needed for technical support.”

The complete report can be viewed at http://www.beyondtrust.com/documentation/whitePapers/wp_VulnerabilityReport.pdf.

Featured

  • Brivo, Eagle Eye Networks Merge

    Dean Drako, Chairman of Brivo, the leading global provider of cloud-native access control and smart space technologies, and Founder of Eagle Eye Networks, the global leader in cloud AI video surveillance, today announced the two companies will merge, creating the world’s largest AI cloud-native physical security company. The merged company will operate under the Brivo name and deliver a truly unified cloud-native security platform. Read Now

  • Security Industry Association Announces the 2026 Security Megatrends

    The Security Industry Association (SIA) has identified and forecasted the 2026 Security Megatrends, which form the basis of SIA’s signature annual Security Megatrends report defining the top 10 factors influencing both near- and long-term change in the global security industry. Read Now

  • The Future of Access Control: Cloud-Based Solutions for Safer Workplaces

    Access controls have revolutionized the way we protect our people, assets and operations. Gone are the days of cumbersome keychains and the security liabilities they introduced, but it’s a mistake to think that their evolution has reached its peak. Read Now

  • A Look at AI

    Large language models (LLMs) have taken the world by storm. Within months of OpenAI launching its AI chatbot, ChatGPT, it amassed more than 100 million users, making it the fastest-growing consumer application in history. Read Now

  • First, Do No Harm: Responsibly Applying Artificial Intelligence

    It was 2022 when early LLMs (Large Language Models) brought the term “AI” into mainstream public consciousness and since then, we’ve seen security corporations and integrators attempt to develop their solutions and sales pitches around the biggest tech boom of the 21st century. However, not all “artificial intelligence” is equally suitable for security applications, and it’s essential for end users to remain vigilant in understanding how their solutions are utilizing AI. Read Now

Most   Popular

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.