Most Windows security flaws mitigated by 'removing admin rights'

Almost nine out of ten vulnerabilities targeting Windows last year could have been prevented by removing administrative rights from user accounts.
Written by Zack Whittaker, Contributor

Most security vulnerabilities affecting Windows last year could've been mitigated in most cases by removing access to administrator rights, according to a report.

The report, released on Thursday by security firm Avecto, said a total of 85 percent of critical flaws affecting the operating system could've been stopped at the gate, and prevented from spreading deep into system files.

Image credit: Avecto

Administrator accounts are common among consumer and home PCs, because they give users access to everything on the computer. But malware, when it strikes, also gets the same privileges. That means malware or hackers can modify core Windows files, and steal or destroy data.

Many businesses provide Windows machines with a lower, limited level of access, which reduces the spread of malware or access for hackers.

The report said that removing admin rights could've mitigated more than 99 percent of flaws affecting Internet Explorer, which had a critical-rated flaw almost every month; and mitigated 82 percent of all vulnerabilities affecting Office.

The company analyzed the entire batch of vulnerabilities in Microsoft's monthly security patch update, dubbed Patch Tuesday, to see which flaws would have less impact on users whose logged-in accounts "are configured to have fewer user rights on the system."

Out of the entire batch of vulnerabilities reported, 63 percent would be mitigated or unexploitable if admin rights were removed.
