Did you know that by preventing access to administrator accounts, you could protect all the computers under your management and also prevent attackers from exploiting 94% of all the critical vulnerabilities Microsoft has fixed over the past year?
That’s the conclusion of a study carried out by cyber-security firm Avecto, which had already conducted a study on the same subject in 2015, discovering that sysadmins could mitigate 86% of all vulnerabilities fixed by Microsoft in 2015 alone by disabling administrator rights.
Removing administrator rights blocks all IE, Edge and Office 2016 security threats
Avecto’s 2016 study points out another, even more interesting aspect: if sysadmins had forced users to use a “low-privileged account” instead of their administrator profile, they could have mitigated 100% of the critical vulnerabilities in IE and the Microsoft Edge browser (vulnerabilities resolved over the past year).
The same 100% threshold is valid for Office 2016, and shows us once again the large number of security threats that a system administrator could mitigate if they used good user management practice.
Times have changed.
Removing administrator rights and controlling applications are no longer difficult tasks.
says Mark Austin, co-founder and co-CEO at Avecto, sharing the opinion of Sami Laiho, a well-known Windows security specialist(link).
In the graph below you won’t find the medium and low level security threats, simply because their impact had already been considered insufficient to receive a “critical” classification, whatever the user’s access level.
The simple conclusion of the Avecto study is that companies and users could avoid malware infections and network compromises if they followed the example of Linux users and didn’t use their admin accounts as basic profiles.
