64% of MS Vulnerabilities Mitigated by Removing Admin Rights

As geeks, we’re well aware of the importance of running as a normal user instead of as root (UNIX/Linux/BSD) or administrator (Windows). However, while this should be common knowledge to anyone reading OSAlert, it’s often hard to illustrate just how important it is – until now, that is. A report by BeyondTrust looked at how many security bulletins issued by Microsoft are mitigated by simply… not running as administrator.

Despite the advances made by Microsoft on securing Windows, the fact of the matter is that the first user created on a new system is always administrator. This means that many (most?) Windows users out there are running as administrator, and as BeyondTrust’s report shows – that’s incredibly insecure.

Of all the security vulnerabilities published by Microsoft in 2009, across all versions of Windows and Office, 64% are mitigated by removing administrator rights. Microsoft published 190 security vulnerabilities last year, and 121 of them are thwarted by running without administrator rights.

Breaking it down per product, the figures become even more interesting. Microsoft reported 55 Office vulnerabilities in 2009, and all of them are mitigated by removing admin rights. Of the 33 Internet Explorer issues reported, 94% were thwarted by removing admin rights. For Internet Explorer 8, 100% would be. If we restrict the vulnerabilities to just Windows, we see that 53% can be mitigated by not running as admin.

The threat of the most severe type of vulnerability, the ones that would allow remote code execution, can be greatly reduced by not running as admin: 87% of them are ineffective when you do not run as administrator.

These figures show us exactly what we already knew: running as administrator is stupid, and asking for trouble. All the more reason for Microsoft to finally abolish that quaint custom of making the first user an administrator.
