Employers that remove administration rights from staff PCs can mitigate 92 per cent of all vulnerabilities reported by Microsoft with a critical severity rating, according to research from ‘privilege management’ software company Avecto.
Employees with admin rights can install, modify and delete software and files, as well as change system settings.
Avecto analysed data from security bulletins issued by Microsoft throughout 2013.
According to the findings, removing admin rights would mitigate 96 per cent of critical vulnerabilities affecting Windows operating systems, 91 per cent of critical vulnerabilities affecting Microsoft Office and 100 per cent of vulnerabilities in Internet Explorer.
On the second Tuesday of every month, Microsoft releases security updates for its products to ensure that its users are not susceptible to attacks.
This has become known as ‘Patch Tuesday’.
If a user with admin rights is infected with malware, it can cause damage to the user’s PC, as well as the wider network. “It’s astounding just how many vulnerabilities can be overcome by the removal of admin rights,” Paul Kenyon, co-founder and executive vice president of Avecto, said.
“The dangers of admin rights have been well documented for some time, but what’s more concerning is the number of enterprises we talk to that are still not fully aware of how many admin users they have.
“Without clear visibility and control, they are facing an unknown and unquantified security threat.”
Kenyon concluded that cyber criminals are quick to take advantage of bugs that are unknown to vendors, and that removing admin rights is the most effective way to defend against these unknown threats.