Microsoft OfficeBy Don Reisinger
A total of 84 Microsoft Office vulnerabilities appeared in the 2010 Security Bulletins. All 84 met BeyondTrust's criteria to be mitigated by removing administrator rights.
In 2010, there were 43 reported IE vulnerabilities. According to BeyondTrust, removing administrator rights can mitigate all of these, even for IE 8.
Remote Code Execution
Remote Code Execution vulnerabilities may allow someone who is not at the computer to run unauthorized software and install programs; view, change, or delete data; and/or create new user accounts.
Mitigating Remote Code Execution
In 2010, there were 192 Remote Code Execution Microsoft vulnerabilities published, 158 of which (82 percent) may be mitigated by removing administrator rights.
In 2010, 101 vulnerabilities had a Critical rating, the highest Microsoft assigns to threats. By removing employee administrator rights, 81 percent of those threats could be mitigated.
Of the total 256 vulnerabilities published in Microsoft's 2010 Security Bulletins, more than one third (36 percent) could not be mitigated by removing an employee's administrator rights.
Less than half (47 percent) of Windows OS vulnerabilities could be diminished by configuring users as "standard" users. In 2010, there were 162 published vulnerabilities for all versions of Microsoft operating systems.
Since the October 2009 release of Windows 7, there have been 72 Critical Windows 7 OS vulnerabilities published, and a total of 147 Windows 7 vulnerabilities published.
Critical versus standard
75 percent of critical Windows 7 OS vulnerabilities can be mitigated by having users log in as standard users; when all Windows 7 vulnerabilities are considered, only 42 percent can be mitigated by removing administrator rights.