Removing Admin Rights "Fixes" 94% of All Windows Critical Vulnerabilities

Topic

New Reply

Removing Admin Rights “Fixes” 94% of All Windows Critical Vulnerabilities
http://news.softpedia.com/news/most-of-microsoft-s-critical-vulnerabilities-solved-by-removing-admin-rights-513202.shtml

Analysing Microsoft’s 2016 security reports reveals that 94% of critical vulnerabilities could easily be mitigated

Feb 21, 2017 22:14 GMT · By Gabriela Vatu

Removing administrator rights could have helped mitigate 94% of all Windows vulnerabilities with a Critical rating, reveals a new analysis signed by global security software company Avecto.

After taking a look at all security bulletins issued by Microsoft throughout 2016, Avecto came up with a few key findings to shed some light on the overall security problems of Windows OS. During the whole 2016, 530 vulnerabilities were reported, a small increase over the previous year. When it comes to Critical vulnerabilities, the number dropped to 189, much better than in 2014 when 240 such problems were reported.

“Remote Code Execution vulnerabilities account for the largest proportion of total Microsoft vulnerabilities. Of these, 70% were classed as Critical. Almost 90% of total RCE vulnerabilities and 94% of Critical RCE vulnerabilities could be mitigated by removal of admin rights,” researchers note.

Another vulnerable asset of Microsoft is Edge, the company’s latest browser. A total of 111 vulnerabilities were discovered about the browser, 68 of which were critical. All of them could be mitigated by the simple removal of admin rights. The same could be done regarding Internet Explorer, related to which Microsoft announced 109 vulnerabilities, less than half compared to the previous year.

Office products, also vulnerable

……….

--------------------------------------

1. Tower Totals: 2xSSD ~512GB, 2xHHD 20 TB, Memory 32GB

SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
Graphics Radeon RX 580, RX 580 ONLY Over Clocked
More perishable

2xMonitors Asus DVI, Sony 55" UHD TV HDMI

1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
1xOS W8.1 Pro, NAS Dependent, Same Sony above.

-----------------

1 user thanked author for this post.

AlexEiffel

Reply | Quote

Replies

… and, surprise, the company that produced the report has just one product which removes all admin rights and replaces UAC: https://www.avecto.com/defendpoint

Windows 11 Pro version 22H2 build 22621.2359 + Microsoft 365 + Edge

3 users thanked author for this post.

Noel Carboni, NetDef, woody

Reply | Quote

Yep, I tend to be a bit cautious on these types of reports – even when (and sometimes especially when) they agree with a stance I take with my clients.  Self serving reports only damage the perception of what for some companies is legitimate advice.

I do think – strongly – that end users in a corporate environment should not run as admin on their workstations.  I also provide a special domain  account that’s granted admin on all workstations – but not on the domain – for them to use when they need to update something legitimately.

At the same time, a well trained end user with a clear understanding of what risky behavior to avoid and with good technical mitigations in place can be perfectly fine running as admin.

And training . . . much training . . .

~ Group "Weekend" ~

2 users thanked author for this post.

Noel Carboni, ch100

Reply | Quote