Security Slideshow: Microsoft Security Vulnerability Report: How to Mitigate Risk

By Don Reisinger  |  Posted 04-26-2011
Microsoft Office

A total of 84 Microsoft Office vulnerabilities appeared in the 2010 Security Bulletins. All 84 met BeyondTrust's criteria to be mitigated by removing administrator rights.

A report from security vendor BeyondTrust gives us an aggregated overview of the number and type of security vulnerabilities reported in 2010 by Microsoft and its partners. BeyondTrust's 2010 Microsoft Vulnerability Report indicates that removing administrator rights from employee PCs can go a long way toward securing your company from some of the most prevalent threats in the wild.

BeyondTrust, a vendor of identity management solutions, explains the methodology behind its conclusions, which are based on the security vulnerabilities in Microsoft software that are regularly identified by Microsoft and its partners. According to BeyondTrust, in 2010 Microsoft published more than 100 security bulletins documenting and providing patches for 256 vulnerabilities. BeyondTrust analyzed all of the published Microsoft vulnerabilities in 2010. The report also examined all of the published Windows 7 vulnerabilities from the time that operating system was introduced in October 2009 through December 2010.

This report uses information found in the Individual Security Bulletins to classify vulnerabilities by the following criteria: severity rating; vulnerability impact; and affected software. The report considers a vulnerability capable of being mitigated by removing administrator rights if the following sentence is located in the Security Bulletin's Mitigating Factors section: "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
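The classification rule described above can be expressed as a short script. This is an added example, not code from BeyondTrust or the article: it looks for the quoted sentence only inside the Mitigating Factors section and tallies the result per product. The `== Title ==` heading format and the sample entries are constructed assumptions; real bulletins are published as HTML and need their own section extraction.

```python
import re
from collections import Counter

# Sentence the report looks for, quoted from the article above.
CRITERION = ("Users whose accounts are configured to have fewer user rights on "
             "the system could be less impacted than users who operate with "
             "administrative user rights.")

# Assumption: sections are introduced by lines of the form "== Title ==".
SECTION_RE = re.compile(
    r"^== Mitigating Factors ==[ \t]*$(.*?)(?=^== |\Z)", re.M | re.S | re.I)

def _norm(text):
    """Collapse whitespace and case so line wrapping does not defeat the match."""
    return re.sub(r"\s+", " ", text).strip().lower()

def mitigating_factors(entry_text):
    """Return the body of the Mitigating Factors section, or '' if absent."""
    match = SECTION_RE.search(entry_text)
    return match.group(1) if match else ""

def mitigated_by_least_privilege(entry_text):
    """True only when the sentence sits inside the Mitigating Factors section."""
    return _norm(CRITERION) in _norm(mitigating_factors(entry_text))

def tally(entries):
    """entries: iterable of (product, entry_text), one per vulnerability.
    Returns {product: (mitigable, total)}."""
    total, hits = Counter(), Counter()
    for product, text in entries:
        total[product] += 1
        hits[product] += mitigated_by_least_privilege(text)
    return {product: (hits[product], total[product]) for product in total}

# Constructed sample entries (not real bulletin text).
SAMPLE = [
    ("Office", "== Summary ==\nConstructed entry A.\n== Mitigating Factors ==\n"
               "Users whose accounts are configured to have fewer user rights\n"
               "on the system could be less impacted than users who operate\n"
               "with administrative user rights.\n== Workarounds ==\nNone.\n"),
    # Sentence appears, but outside the Mitigating Factors section: not counted.
    ("Office", "== Mitigating Factors ==\nNone identified.\n== FAQ ==\n"
               + CRITERION + "\n"),
    ("Windows 7", "== Summary ==\nConstructed entry C, no such section.\n"),
]

if __name__ == "__main__":
    for product, (mitigable, total) in tally(SAMPLE).items():
        print(f"{product}: {mitigable} of {total} mitigable by removing admin rights")
```
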
