Slashdot Mirror


94% of Microsoft Vulnerabilities Can Be Mitigated By Turning Off Admin Rights (computerworld.com)

An anonymous reader quotes Computerworld: If you want to shut out the overwhelming majority of vulnerabilities in Microsoft products, turn off admin rights on the PC. That's the conclusion from global endpoint security firm Avecto, which has issued its annual Microsoft Vulnerabilities report. It found that there were 530 Microsoft vulnerabilities reported in 2016, and of these critical vulnerabilities, 94% were found to be mitigated by removing admin rights, up from 85% reported last year. This is especially true with the browser, for those who still use Microsoft's browsers. 100% of vulnerabilities impacting both Internet Explorer and Edge could be mitigated by removing admin rights, Avecto reported... Windows 10 was found to have the highest proportion of vulnerabilities of any OS (395), 46% more than Windows 8 and Windows 8.1 (265 each). Avecto found that 93% of Windows 10 vulnerabilities could be mitigated by removing admin rights.
Of course, the stats are based on vulnerabilities announced in Microsoft Security Bulletins, but there's an overwhelming pattern. Turning off admin rights mitigated the vast majority of vulnerabilities, whether it was Windows Server (90%) or older versions of Microsoft Office (99%). And turning off admin rights in Office 2016 mitigated 100% of its vulnerabilities.

6 of 238 comments

  1. 100% of Microsoft Vulnerabilities by Anonymous Coward · Score: 5, Funny

    100% of Microsoft Vulnerabilities Can Be Mitigated By not using Windows

  2. Not viable on Windows 10 by Anonymous Coward · Score: 5, Informative

    as it is on macOS. On W10, for some things it will ask you to identify as an admin, and proceed, and for other things it will just fail instead, either forcing you to relog as admin, or to enable admin for your main account. They couldn't even make this work.

    1. Re:Not viable on Windows 10 by Alcemenes · Score: 5, Insightful

      I think you hit the nail on the head right there. I've always felt the interface to gain admin on Windows has been clunky and inconsistent at best.

    2. Re:Not viable on Windows 10 by aaarrrgggh · Score: 5, Insightful

      It is very much on par with recommending not to plug the computer in to improve security. Too much of the system still requires administrative rights for it to be viable.

  3. Re:Also in the news by KiloByte · Score: 5, Insightful

    Hell yeah. Especially browsers have never, ever a reason to run as root.
    -rwsr-xr-x 1 root root 18768 Feb 19 21:17 /usr/lib/chromium/chrome-sandbox

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.

  4. Re:Duh? by TechyImmigrant · Score: 5, Insightful

    Who runs with full admin rights?

    Define 'full'.

    I run with admin rights on my Windows 10 machine because it's the default and it's a pain in the neck to run without. "Sorry you don't have permissions to set the clock".

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.