A new report from the security firm Avecto said the vast majority of critical flaws affecting Windows, Office, and Internet Explorer could be stopped and prevented from spreading just by removing Administrator's rights from the PC's user.
The default setting for Windows users on a single-user system is Administrator, which simplifies things for all involved. But just as Administrator rights make it easy to install new software, it also makes it easy for critical vulnerabilities and malware to spread.
The report found:
- 86% of Critical vulnerabilities affecting Windows could be mitigated by removing admin rights.
- 99.5% of all vulnerabilities in Internet Explorer could be mitigated by removing admin rights.
- 82% of vulnerabilities affecting Microsoft Office could be mitigated by removing admin rights.
- 85% of Remote Code Execution vulnerabilities could be mitigated by removing admin rights.
- 82% of Critical vulnerabilities affecting Windows 10 could be mitigated by removing admin rights.
- 63% of all Microsoft vulnerabilities reported in 2015 could be mitigated by removing admin rights.
The good news for business users is that your IT department has likely set your machine with a lower level of access that limits what can be done, including the installation of software with or without your permission. The bad news is your home PCs are likely all set to Administrator unless you’ve changed them.
Remote Code Execution exploits are the most common form of malware, so the 85% figure is tempting. But you also have to balance that with the fact that lower-level right might mean more headaches when installing software.
Avetco said that, while the percentage of vulnerabilities mitigated by removing admin rights has dropped, the overall number of vulnerabilities has increased significantly. So the threat to enterprise users remains high, and restricted access remains the best solution.