Report: 92% of critical Microsoft vulnerabilities mitigated by Least Privilege accounts

Report: 92% of critical Microsoft vulnerabilities mitigated by Least Privilege accounts

Summary: A recently released report by BeyondTrust entitled "Reducing the Threat from Microsoft Vulnerabilities" indicates that that according to the company's analysis of all the security bulletins Microsoft published in 2008, 92% of the critical vulnerabilities could have been mitigated by the principle of the least privilege.

SHARE:
TOPICS: Security
167

A recently released report by BeyondTrust entitled "Reducing the Threat from Microsoft Vulnerabilities" indicates that that according to the company's analysis of all the security bulletins Microsoft published in 2008, 92% of the critical vulnerabilities could have been mitigated by the principle of the least privilege.

Despite the fact that Microsoft's products continue topping the "successfully exploited charts" in each and every web malware exploitation kit (go through sample infection rates), long gone are the days when Microsoft's products are targeted exclusively. Nowadays, in order to better optimize a malware campaign, a web malware exploitation kit is targeting a diverse set of client-side software/browser plugins.

Here are some of the key points from the report :

  • 92% of Critical Microsoft vulnerabilities are mitigated by configuring users to operate without administrator rights
  • Of the total published Microsoft vulnerabilities, 69% are mitigated by removing administrator rights
  • By removing administrator rights companies will be better protected against exploitation of 94% of Microsoft Office, 89% of Internet Explorer, and 53% of Microsoft Windows vulnerabilities
  • 87% of vulnerabilities categorized as Remote Code Execution vulnerabilities are mitigated by removing administrator rights

Interestingly, starting from the basic fact that the client-side vulnerabilities exploited through the web exploitation kits have had their associated patches for months, sometimes years, end users appear to not only lack understanding of least privilege accounts, but also, still believe that patching their browser is where the self-auditing process both, starts and ends.

Moreover, the ongoing Conficker/Downadup malware campaign which has already passed the 10 million infected hosts milestone, is a very recent example of another phenomenon - the fact that millions of end users and possibly companies, are on purposely using pirated copies of Windows and are therefore using highly vulnerable, yet Internet connected, versions of it. The proof? Symantec's geolocated graph of infected Conficker hosts speaks for itself, as the countries having the highest software piracy rate, are in fact the ones most heavily hit by the malware.

However, least privilege accounts can always be used by both, legitimate users and software pirates altogether, which when combined with a decent situational awareness in the sense of knowing the current attack tactics, is prone to decrease their chance of getting successfully compromised.

Topic: Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

167 comments
Log in or register to join the discussion
  • Re:using pirated windows

    There is no reason that pirated versions of windows should be more vulnerable than genuine ones, this statistic only shows the lack of knowledge and common sense that the people using pirated windows have, since they don't seem to know how to protect themselves or prevent malware infection. After all they mostly live in developing countries in a world of ignorance.
    JMGM
    • Well....

      Unless you are not able to update through windows update then you would be more vulnerable. Seems logical to me that an unpatched system is more vulnerable than a patched one. And I doubt these users are making sure they are protected by other means. I would bet alot of these systems are connected directly to the internet and not behind a firewall as well. It all adds up to high risk computing.
      OhTheHumanity
      • Microsoft will gladly update them.

        They can't afford to lose the "mind share".
        kozmcrae
        • RE: Microsoft will gladly update them.

          Microsoft will not gladly update them if they do not have a "genuine Microsoft version." In fact one of the virus I was battling the other day, disabled the Microsoft Updater also. Unfortunately the update might have helped fix the virus problem too, but had to fix the virus to do the updates.
          LSWVN
          • They do in the US.

            The theory is that ,even if not legal, MS wants all systems to update. So only non-security updates are kept from them. Security updates are still sent out. I know this from first hand experience and it is well documented as well.

            In your stated example, windows could have been updated but the user must have turned it off to get the virus. A lot of problems would be prevented by those who know of pirated systems to inform the owners of this fact.
            sjbinaz
          • They do .... and updates have nothing to do with viruses

            MICROSOFT UPDATES:

            On Pirated copies, as long as you dont install SP3 and the associated WGA program - and subsequently refuse to install it (and you do have that choice) MS will still provide ALL of the updates.

            How do I know? Because Micro$oft has made a pirate out of me by only allowing me to have two computers with a legitimate copy XP (using the same key) on my home network (I aint shelling out any more of my cash for simply one more license). So my third computer is ....... (oh, and my fourth computer on my home network? That's running a legit copy of Win98SE - need it for my games that wont run on XP because of the filling system amongst other things)

            All you have to do is set the automatic update to 'notify me but dont automatically download and install them' consequently when updates are available simply check the 'custom install' box and uncheck the WGA tool.

            Note: after a few times you even get another dialog box that allows you to check a box to never be bothered with that particular item again.

            BUT this will only work if you dont install SP3. IF you installed SP3 and your copy of XP was a 'pirated' copy then you are toast if you dont do anything within 30 days.

            VIRUS SCANNERS - NOT A WINDOWS UPDATE ISSUE:

            Windows has never to my knowledge had an inbuilt virus scannner - never. That's why you either buy one or you use one of the many good free AV programs that are on the net.

            IT IS A DIFFERENT ISSUE TO UPDATING WINDOWS.

            Most if not all AV programs have the ability to self-update independent of the windows updater.

            So if you caught a bug blame yourself for not either having an AV program or not updating the one that you have.
            goldenpirate@...
          • Security holes often = bypassing AV

            Fortunately an external firewall catches the majority of exploits for missing patches where the exploits are not loaded via browser.

            Still it is worth knowing that AV software can often be bypassed by security holes. AV software takes TIME to run against files and relies upon normal system access to become aware of file changes. Fortunately most security holes are never exploited to their full potential. Worms often enter without hitting the disk file system directly and are running processes before an official file gets written.

            Fortunately for you that you are getting most patches.

            However, the mode you are running in can still result in virus being promptly removed AFTER initial infection begins. This is dangerous because really sophisticated virii can disable AV software early & sometimes in ways that everything looks like it is running and updating correctly. Heh, and in fact it might even be running correctly for everything but the false reports about the virii/trojan/downloader/zombie.

            A clean AV report can at times mean nothing except you have a solid well built piece of malware using part of your resources.

            :) And be honest you paid for one OS and are using 4. I am willing to bet the XP license is an update of your 98 license. And after SP2 I found very few games that can not be made to run under XP. The real reason for 98 is usually to fit hardware resource restriction on an old gaming machine like small hard drive or 486/early Pentinum CPU and low memory. But no worries 98 is semi-public from MS view point of unsupported OSes...as long as you ar private use and aren't making $$$ MS doesn't care.
            wellduh
          • Rumor not fact

            I saw this proposed by those outside MS and discussed by MS. But in fact if you install from genuine (unaltered) media, MS lets you get no farther than offering to sell you a legal copy at discount price.

            However alteration to bypass this is ancient and fairly simple. Maybe your software was even altered on the cloned installation CD.

            Heh may be the pirate's club needs to circulate its own update disk that adds missing alterations to get web updates as well as applies current MS patches. It is a well documented MS process for vendors and large institution administrators. But a bit of a pain to create. LOL - everything would be "legal" except the alteration for free patching without validation...oh and posting the CD download on Piratebay.org torrents. But as expected the Netherlands legalized that in a very international way. (Did anyone expect different from a country that generates a small but notable percent of GNP from its red light district? Not just Americans go there. Nevada is small beans compared to Amsterdam. Different culture.)
            wellduh
      • Mis-placed "not" in first sentence.

        Reading that way being "not" updated would mean you are less vulnerable.
        sjbinaz
    • What if the malware is built in?

      You statement is invalid as pirirate versions of software are routinely tagged with viruses. Plus if a person is using pirated Windows, that probably means other pirated stuff and more things tagged with malware.

      Heatlesssun
      • Actually....

        You may have a risk of getting malware built in with windows if you download the counterfeit from torrents or p2p networks, but here in my country you can actually BUY pirated windows for 1$, this version is guaranteed malware free, and is certified to work with windows update(this is to reply to earlier comments), hell you even get ultimate extras(which are pretty useless but show that you get ALL updates)
        JMGM
      • Yup & even w/o SP3 miss some

        The best pirate situation is where you can simply live with a amount of virii and do not mind reloading a clean disk image occasionally. If you use an external firewall and the machine is dedicated to gaming and never browses -- you can go a long time between reloading disk images.

        However, for more general users, SP3 checks apply mainly for the routine windows updates. SP2 will let you sneak downloads of most short patches. However, major updates of major software components like .NET or DirectX usually have standalone "genuine MS" software right in with the self decompression software that download under SP2.

        So you miss these updates...unless you seek files from the near professional talents who can remove MS decompression and validation wrapper software or build new distribution packages from snapshots.

        And as noted people willing to do this often package in their own malware in the new MS validation free updates...unless you are a personal friend. And if you are really a personal friend, remember you are mixing with the caliber of cracker/hackers that may well be sought and prosecuted in FBI/MS sweep some day. A friendship that can set you apart and get you caught too.


        wellduh
    • you're the ignoramous ...

      and it shows by your comment ....

      "..... this statistic only shows the lack of knowledge and common sense that the people using pirated windows have, since they don't seem to know how to protect themselves or prevent malware infection. After all they mostly live in developing countries in a world of ignorance."

      I'm prepared to bet that a lot of people who live in third world countries are a lot less ignorant and a lot smarter than you have shown yourself to be!
      goldenpirate@...
      • Really?

        For a matter of fact I live in a developing country so my claims are based on what I see every day rather than unfunded ones(claims like yours).
        Next time you may come up with something constructive and useful instead of vague and cheap talk.
        JMGM
    • Lawsuit for Free Patch & Support for Pirated

      MS blocks patches to badly pirated software. Thus pirate software often does not get the security updates. Thus more vulnerable. Guess you are not as computer literate as you thought.

      The lawsuits are out there in national and international courts. But except in a couple 3rd world countries without enough computers to matter, these public service lawsuits are not yet won and past appeal. When sufficient public greed yields eminent domain over corporate greed, commercial software and its security patches will be free to everyone...until the corporations fold.
      wellduh
  • No surprise to those of us in the know.

    I've always maintained that Windows' security is very effective as long as it's not essentially bypassed by using an administrative account.

    Unfortunately my argument was more academic as it was difficult for the average user to run as a standard user. At least until the release of Vista.

    Unfortunately Windows 7 looks to be taking a step backwards here.
    ye
    • Those of us in the know

      bypass all of this expensive nonsense by installing something better called Linux.

      It is amazing how a big brand name is enough to keep those not in the know wasting their own and others time, energy and resources ...

      There's one thing that Microsoft do well - they show how imbecillic people can be ;-)
      fr0thy2
      • Re: Those of us in the know

        Well done for that message. But it isn't getting out. Most so-called industry commentators simply repeat the fluff of doom and gloom. A few say patch and a very few say administrator privileges.

        No-ne says junk your old bad Windows and get Linux.

        I'm now a Ubuntu user and I've never regretted not having to pay the Gates tax.
        Charles Norrie
      • Its exspensive to maintain security on Linux?

        The concept of least privileged user applies equally well to Linux.

        Linux is a good OS. It's not exactly a slam dunk on the desktop for the average person to use.

        Linux suffers mightily at the hands of people how go around spreading non-sense and over stating Linux's suitability for the average user.

        A responsible Linux user would have said something to the effect that the concept of least privileged user applies to all operating systems and then made a CASE for why Linux is better rather than slamming Windows.

        The Linux community has a LONG way to go before its not perceived by the average computer user as a bunch of geeks that bash Microsoft.
        Heatlesssun
      • And you do that part well.

        the imbecilic part.

        If you ever need to convey just how clueless peopl can be, just post a sentence.

        Does not matter on what, just post a sentence :)
        GuidingLight