The Most Effective Tactic to Mitigate 92% of Microsoft Vulnerabilities
Any software product that is installed on a computer can have vulnerabilities. When it comes to such vulnerabilities, Microsoft products are usually some of the most popular to have their vulnerabilities published. The number of Microsoft products in use have a lot to do with such publicity.
A report recently released by Avecto has shed some light on Microsoft product vulnerabilities, and how a simple change in the way we access our computers can mitigate 92% of all vulnerabilities released in 2013. The change is one that I have advocated everyone make when running Windows 7 and above, and this report shows the difference the change can make.
Standard User Accounts
The one thing that has set Windows apart from most other operating systems is that a user in Windows was usually an administrator account. Using such an account provided unlimited access to everything on a computer. No restrictions.
While this may sound like a great idea to many people, it has the unwelcome effect of making a computer very unsecure. Every application that is run by an administrator also has unrestricted access to the computer, and that includes malware.
Starting with Windows Vista, Microsoft finally made a consumer operating system that doesn’t need a user to run as an administrator, but rather as a standard user account. A standard user account is restricted in that such an account cannot make any changes that will affect other users. This means that malware run by one user shouldn’t impact anyone else that uses that computer.
By using a Windows standard user account, instead of an administrator account, a report by Avecto found that 92% of all critical vulnerabilities reported by Microsoft in 2013 could have been mitigated.
The report looks at not only Windows, but also Internet Explorer and Microsoft Office. The numbers for all vulnerabilities that could be mitigated by switching account types is staggering.
Avecto researched all 333 vulnerabilities reported by Microsoft in 2013. They used the Executive Summary for each vulnerability to decide if Microsoft indicated the vulnerability would impact non-administrative users.
The findings from their research prove have important it is to use a standard user account in Windows than an administrator account.
Out of the 333 vulnerabilities, 60% of the vulnerabilities could have been mitigated by removing administrator rights. From the 333 vulnerabilities, 147 vulnerabilities were marked as Critical. An astonishing 92% of the Critical vulnerabilities could have been mitigated by not using an administrative account.
With regards to the Windows operating systems (XP, Vista, Windows 7 and, Windows 8), 252 vulnerabilities were reported by Microsoft with 54% marked as critical. How many of the critical vulnerabilities could have been mitigated? A total of 96% of the critical Windows vulnerabilities.
The real astonishing numbers come from the Internet Explorer vulnerabilities. Microsoft reported 123 vulnerabilities affecting Internet Explorer versions 6-11. By running a non-administrator account, 100% of the Internet Explorer vulnerabilities could have been mitigated.
The Microsoft Office vulnerabilities affect Office 2003, Office 2010, Outlook 2007, Outlook 2010, and Outlook 2013. In 2013, Microsoft report 46 vulnerabilities, with 83% being rated as critical.
By using a non-administrator account, 91% of Office vulnerabilities would have been mitigated.
A More Secure User
With Windows XP retiring, and the move to Windows 7 and above, the ability to use a non-administrative user is now the reality of any Windows user. By switching the account to a standard user, you can mitigate almost all vulnerabilities for Microsoft products on your computer.
I have run as a standard user account for over four years, and haven’t had any problems with running applications with a non-administrator account. Much like other operating systems, when you need an administrator account, such as installing software, Windows will prompt you for the administrator password to allow the install to continue.
While having complete, unrestricted access to your computer may sound like a great idea, the risk of leaving your computer open to hundreds of vulnerabilities may not justify the ease-of-use.
Protect your computer by switching to a standard user account.
For a full detail of the report, you can download the 2013 Microsoft Vulnerabilities Study: Mitigating Risk by Removing User Privileges directly from Avecto.