Pownce Refugees

Keeping the community alive, post Pownce

90 percent of Windows 7 flaws fixed by removing admin rights


After tabulating all the vulnerabilities published in Microsoft's 2009
Security Bulletins, it turns out 90 percent of the vulnerabilities can
be mitigated by configuring users to operate without administrator
rights, according to a report by BeyondTrust. As for the published
Windows 7 vulnerabilities through March 2010, 57 percent are no longer
applicable after removing administrator rights. By comparison, Windows
2000 is at 53 percent, Windows XP is at 62 percent, Windows Server 2003
is at 55 percent, Windows Vista is at 54 percent, and Windows Server
2008 is at 53 percent. The two biggest exploited Microsoft applications
also fare well: 100 percent of Microsoft Office flaws and 94 percent of
Internet Explorer flaws (and 100 percent of IE8 flaws) no longer work.

This is good news for IT departments because it means they can
significantly reduce the risk of a security breach by configuring the
operating system for standard users rather than an administrator.
Despite unpredictable and evolving attacks, companies can very easily
protect themselves or at least reduce the effects of a newly discovered
threat, as long as they're OK with their users not installing software
or using many applications that require elevated privileges.

In total, 64 percent of all Microsoft vulnerabilities reported last year
are mitigated by removing administrator rights. That number increases
to 81 percent if you only consider security issues marked Critical, the
highest rating Redmond gives out, and goes even higher to 87 percent if
you look at just Remote Code Execution flaws. Microsoft published 74
Security Bulletins in 2009, spanning around 160 vulnerabilities (133 of
those were for Microsoft operating systems). The report, linked below,
has a list of all of them, which software they affect, and which ones
are mitigated by removing admin rights.

Views: 17

Comment

You need to be a member of Pownce Refugees to add comments!

Join Pownce Refugees

© 2017   Created by Heidi Cool.   Powered by

Report an Issue  |  Terms of Service