The removal of administrator rights from Windows users is a mitigating factor for 90% of critical Windows 7 vulnerabilities, according to research by BeyondTrust.
The results demonstrate that as companies migrate to Windows 7 they’ll need to implement a desktop Privileged Identity Management solution, to reduce the risks from un-patched Microsoft vulnerabilities without inhibiting their users’ ability to operate effectively.
Key findings from this report show that removing administrator rights will better protect companies against the exploitation of:
- 90% of critical Windows 7 vulnerabilities reported to date
- 100% of Microsoft Office vulnerabilities reported in 2009
- 94% of Internet Explorer and 100% of Internet Explorer 8 vulnerabilities reported in 2009
- 64% of all Microsoft vulnerabilities reported in 2009.
“Enterprises continue to face imminent danger from zero-day attacks as new vulnerabilities are exploited before patches can ever be developed and deployed,” said Steve Kelley, EVP of corporate development. “Our findings reflect the critical role that restricting administrator rights, plays in protecting against these types of threats. As companies migrate to Windows 7 they need to be aware that despite enhanced security features on the new operating systems, better controls for administrative rights are still needed to provide adequate protection.”
BeyondTrust’s report examines all of the published Microsoft vulnerabilities in 2009 and all of the published Windows 7 vulnerabilities to date to quantify the effectiveness of removing administrator rights for mitigating Microsoft vulnerabilities.
The report shows that the vast majority of vulnerabilities share the same best practice advice in the “Mitigating Factors” portion of Microsoft’s security bulletins: “Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.” Complete findings and methodology can be found online in the report.