Removing admin rights mitigates most critical Microsoft vulnerabilities
Avecto has analyzed the security bulletins Microsoft released in the past year, and came to an important conclusion: an overwhelming majority of all the critical Microsoft vulnerabilities discovered and fixed in 2016 can be mitigated by simply removing admin rights across an organization.
The numbers and percentages are as follows:
- 530 vulnerabilities affecting Microsoft products were reported in 2016, and of these 189 were of critical severity. Still, 94 percent of them could be mitigated by removing users’ admin rights. Also, 66 percent of all Microsoft vulnerabilities reported in 2016 could be mitigated by removing admin rights.
- Windows 10 was affected by 395 vulnerabilities, Windows 8 and 8.1 by 265. 93 percent of the Windows 10 flaws could be mitigated by removing users’ admin rights.
- 100 percent of vulnerabilities impacting Microsoft Edge and Internet Explorer could be mitigated by removing admin rights.
- 79 vulnerabilities affecting Microsoft Office products (Office 2010, 2013, and 2016, Microsoft Excel, Word, PowerPoint, Visio and Publisher, among others) were reported, and of these 99 percent could be mitigated by removing admin rights. Also, the same action would mitigate 100 percent of those vulnerabilities in Office 2016, the latest version of the suite.
- 319 vulnerabilities were reported in the Windows Server OS. Of those, 108 were critical, and 90 percent of those were mitigated by the removal of admin rights.
“Times have changed; removing admin rights and controlling applications is no longer difficult to achieve,” Avecto co-CEO Mark Austin notes.
“Admin access to a local endpoint is the first step to accessing the whole company and its confidential data. To prevent insider threats companies need to start by limiting the administrative rights on endpoints,” says Microsoft MVP Sami Laiho.
“Implementing a proactive defense strategy, starting at the endpoint and building out with least privilege, simple application whitelisting and content isolation will put you in a much stronger position by reducing the attack surface and building secure defensible endpoints.”