BeyondTrust's findings show that among the 2008
Microsoft vulnerabilities given a "critical" severity
rating, 92 percent shared the same best practice advice
from Microsoft to mitigate the vulnerability: "Users
whose accounts are configured to have fewer user rights
on the system could be less impacted than users who
operate with administrative user rights." This language,
found in the "Mitigating Factors" portion of Microsoft's
security bulletins, also appears as a recommendation for
reducing the threat from nearly 70 percent of all
vulnerabilities reported in 2008.
Other key findings from BeyondTrust's report
show that removing administrator rights will better
protect companies against the exploitation of:
- 94 percent of Microsoft Office vulnerabilities
reported in 2008
- 89 percent of Internet Explorer vulnerabilities
reported in 2008
- 53 percent of Microsoft Windows vulnerabilities
reported in 2008
Further
illustrating the benefits to enterprises of removing
administrator rights from users, a recent Gartner report
states, "The Gartner TCO model shows a significant
reduction in TCO between a managed desktop where the
user is an administrator, compared with a desktop where
the user is a standard user.
Among the most remarkable observations is
that the model shows a 24 percent decrease in the amount
of IT labor needed for technical
support." Gartner, Inc.,
"Organizations That Unlock PCs Unnecessarily Will Face
High Costs," Michael A. Silver, Ronni J. Colville,
Dec.19, 2008.
"Companies face imminent danger
from zero-day threats as new vulnerabilities continually
crop up while patching efforts lag behind, and even
worse, many threats exist undetected," said John Moyer,
CEO of BeyondTrust. "Our findings reflect the critical
role that restricting administrator rights plays in
protecting against these types of threats.
This is achievable in
one simple step - adopting a strategy of Least Privilege
security. BeyondTrust has helped
over 500 companies equip their end users with those
privileges needed to do their jobs, while protecting
against zero-day threats and reducing risk."
To
learn more, download the complete BeyondTrust report
here,
Reducing the
Threat from Microsoft Vulnerabilities, and sign up
for a webinar below.
Join members of the BeyondTrust team for
an educational and informative Webinar to
learn how to eliminate admin rights across your
entire enterprise and still allow users to do their jobs
without interruption. During this Webinar you'll
learn how to:
(1) Increase network security
(2) Decrease desktop support costs
(3) Eliminate admin rights, while allowing standard
users to:
- Run authorized applications that require
administrator rights
- Install approved software
- Add local printers
- Install ActiveX controls
Sincerely,
PPN
-
Marketing
