Technology Releases - Security

BeyondTrust Corporation, the first provider of Least Privilege Management solutions, today published research findings stating that the removal of administrator rights from Windows users is a mitigating factor for the vast majority of all Microsoft software vulnerabilities reported by Microsoft in 2008. The results demonstrate that by configuring users as standard users, companies can better protect themselves against malware and zero-day threats.

BeyondTrust's findings show that among the 2008 Microsoft vulnerabilities given a "critical" severity rating, 92 percent shared the same best practice advice from Microsoft to mitigate the vulnerability: "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights." This language, found in the "Mitigating Factors" portion of Microsoft's security bulletins, also appears as a recommendation for reducing the threat from nearly 70 percent of all vulnerabilities reported in 2008.

Other key findings from BeyondTrust's report show that removing administrator rights will better protect companies against the exploitation of:

* 94 percent of Microsoft Office vulnerabilities reported in 2008
* 89 percent of Internet Explorer vulnerabilities reported in 2008
* 53 percent of Microsoft Windows vulnerabilities reported in 2008

Further illustrating the benefits to enterprises of removing administrator rights from users, a recent Gartner report states, "The Gartner TCO model shows a significant reduction in TCO between a managed desktop where the user is an administrator, compared with a desktop where the user is a standard user. Among the most remarkable observations is that the model shows a 24 percent decrease in the amount of IT labor needed for technical support." Gartner, Inc., "Organizations That Unlock PCs Unnecessarily Will Face High Costs," Michael A. Silver, Ronni J. Colville, Dec.19, 2008.

"Companies face imminent danger from zero-day threats as new vulnerabilities continually crop up while patching efforts lag behind, and even worse, many threats exist undetected," said John Moyer, CEO of BeyondTrust. "Our findings reflect the critical role that restricting administrator rights plays in protecting against these types of threats. This is achievable in one simple step - adopting a strategy of Least Privilege security. BeyondTrust has helped over 500 companies equip their end users with those privileges needed to do their jobs, while protecting against zero-day threats and reducing risk."

A downloadable copy of this report is available at the BeyondTrust web site, www.beyondtrust.com
About BeyondTrust

BeyondTrust Corporation, a pioneer in Least Privilege Management, enables enterprises to move beyond the need to trust users with excess privileges or administrator passwords. BeyondTrust Privilege Manager was the first product to enable the security best practice of Least Privilege in Windows environments by allowing administrators to assign end-users permissions for required or selected applications. Least Privilege strengthens security by limiting users to the permissions they need to do their jobs. Hundreds of organizations worldwide in industries such as financial, healthcare, government and military rely on BeyondTrust Privilege Manager to secure their enterprises. BeyondTrust is a Microsoft Gold Partner.

BeyondTrust’s flagship product, Privilege Manager, has won many prestigious awards, including the 2008 Technology of the Year award by IDG’s InfoWorld in the category of "Best Windows Client Security". Privilege Manager also received two "2008 Editors’ Choice Awards" from Redmond magazine and was also named "Hot Pick" in an October 2007 product review by Information Security magazine. Additionally, Privilege Manager was a 2007 winner of the "Tech·Ed Attendees’ Pick" award and a Security category finalist for the Best of Tech·Ed 2007 awards by Penton Media’s Windows IT Pro, SQL Server Magazine and Office & SharePoint Pro.com. BeyondTrust was also named a 2007 "Hot Company" by Info Security Products Guide.

BeyondTrust is distributed in Australian and New Zealand by Kaon Technologies Ltd. www.kaon.co.nz


 

<a href="http://www.whatech.com.au/technology-releases/security/157-report-shows-92-of-critcal-microsoft-vulnerabilities-can-be-eliminated-by-removal-of-admin-rights">Report shows 92% of critcal Microsoft vulnerabilities can be eliminated by removal of admin rights</a>

Contact Author

Your name:
Email:
Security Code:
Message: