The dangers of admin rights

The majority of critical vulnerabilities in Microsoft software would not have had as severe an impact if certain users did not have admin rights, a UK security firm claims.

Avecto’s research shows admin rights were needed to exploit 99.5 per cent of flaws in Internet Explorer, 97 per cent in Windows operating systems and 95 per cent of those found in Office. Although removing admin rights from users wouldn’t protect people completely, these vulnerabilities would have had less of an impact.

The number of critical Microsoft vulnerabilities popping up each year is increasing at an alarming rate too. In 2014, 240 vulnerabilities were found in Microsoft programs, a 63 per cent rise on the previous year, meaning IT departments certainly have their work cut out.

Avecto states that although IT departments ideally need a variety of strategies in place to deal with the number of security flaws, companies that control and manage their staff’s admin rights correctly would give themselves a head start. Most members of staff would not usually be given admin rights on their work PCs, but it is not always easy to remove them. This is especially true of PCs running versions of Windows that utilise older applications.

Paul Kenyon, Avecto’s European vice president, notes that reactive strategies are no longer enough to cope with the sheer number of vulnerabilities found within Microsoft products every year. Passive tools, such as detection technologies, cannot be relied upon, but there does seem to be a huge benefit to removing admin rights.

Users with admin rights have the ability to install applications, a right that could easily become dangerous if someone else gained access through a vulnerability. Mr Kenyon does state, however, that privilege management must be layered with additional proactive approaches, like patch management, application control and sandboxing.

 
