Thursday, 05 February 2009 19:00

Report shows 92% of critcal Microsoft vulnerabilities can be eliminated by removal of admin rights

BeyondTrust Corporation, the first provider of Least Privilege Management solutions, today published research findings stating that the removal of administrator rights from Windows users is a mitigating factor for the vast majority of all Microsoft software vulnerabilities reported by Microsoft in 2008. The results demonstrate that by configuring users as standard users, companies can better protect themselves against malware and zero-day threats.
BeyondTrust's findings show that among the 2008 Microsoft vulnerabilities given a "critical" severity rating, 92 percent shared the same best practice advice from Microsoft to mitigate the vulnerability: "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights." This language, found in the "Mitigating Factors" portion of Microsoft's security bulletins, also appears as a recommendation for reducing the threat from nearly 70 percent of all vulnerabilities reported in 2008.

Other key findings from BeyondTrust's report show that removing administrator rights will better protect companies against the exploitation of:

* 94 percent of Microsoft Office vulnerabilities reported in 2008
* 89 percent of Internet Explorer vulnerabilities reported in 2008
* 53 percent of Microsoft Windows vulnerabilities reported in 2008

Further illustrating the benefits to enterprises of removing administrator rights from users, a recent Gartner report states, "The Gartner TCO model shows a significant reduction in TCO between a managed desktop where the user is an administrator, compared with a desktop where the user is a standard user. Among the most remarkable observations is that the model shows a 24 percent decrease in the amount of IT labor needed for technical support." Gartner, Inc., "Organizations That Unlock PCs Unnecessarily Will Face High Costs," Michael A. Silver, Ronni J. Colville, Dec.19, 2008.

"Companies face imminent danger from zero-day threats as new vulnerabilities continually crop up while patching efforts lag behind, and even worse, many threats exist undetected," said John Moyer, CEO of BeyondTrust. "Our findings reflect the critical role that restricting administrator rights plays in protecting against these types of threats. This is achievable in one simple step - adopting a strategy of Least Privilege security. BeyondTrust has helped over 500 companies equip their end users with those privileges needed to do their jobs, while protecting against zero-day threats and reducing risk."

A downloadable copy of this report is available at the BeyondTrust web site,
About BeyondTrust

BeyondTrust Corporation, a pioneer in Least Privilege Management, enables enterprises to move beyond the need to trust users with excess privileges or administrator passwords. BeyondTrust Privilege Manager was the first product to enable the security best practice of Least Privilege in Windows environments by allowing administrators to assign end-users permissions for required or selected applications. Least Privilege strengthens security by limiting users to the permissions they need to do their jobs. Hundreds of organizations worldwide in industries such as financial, healthcare, government and military rely on BeyondTrust Privilege Manager to secure their enterprises. BeyondTrust is a Microsoft Gold Partner.

BeyondTrust’s flagship product, Privilege Manager, has won many prestigious awards, including the 2008 Technology of the Year award by IDG’s InfoWorld in the category of "Best Windows Client Security". Privilege Manager also received two "2008 Editors’ Choice Awards" from Redmond magazine and was also named "Hot Pick" in an October 2007 product review by Information Security magazine. Additionally, Privilege Manager was a 2007 winner of the "Tech·Ed Attendees’ Pick" award and a Security category finalist for the Best of Tech·Ed 2007 awards by Penton Media’s Windows IT Pro, SQL Server Magazine and Office & SharePoint BeyondTrust was also named a 2007 "Hot Company" by Info Security Products Guide.

BeyondTrust is distributed in Australian and New Zealand by Kaon Technologies Ltd.

Read 3124 times

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.



Related items

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News