Study finds 100% of IE and Edge vulnerabilities can be neutered by not running as Admin

Edge is already a pretty safe browser, but all software has flaws and vulnerabilities, meaning to be truly safe on the internet it would be a good idea to wear both belt and braces.

Security experts have long recommended that Windows users should use a non-admin account for their day-to-day computing, and now security company Avecto has released a study which shows that 100% of Edge vulnerabilities in 2016 could have been mitigated by running as a non-admin user.

Their Microsoft Vulnerabilities Report found 100% of vulnerabilities impacting Internet Explorer could be mitigated by removing admin rights, including 100% of the vulnerabilities affecting Microsoft’s latest browser, Edge.

In addition, Avecto’s report found that 93% of Windows 10 vulnerabilities could be mitigated by removing admin rights.

In total, 530 Microsoft vulnerabilities were reported in 2016, with 36% (189) given a critical severity rating. Of these critical vulnerabilities, 94% were found to be mitigated by removing admin rights, up from 85% reported last year.

As a new OS in constant development, Windows 10 had the highest proportion of vulnerabilities of any Microsoft OS (395), 46% more than Windows 8 and Windows 8.1 (265 each).

“Privilege management and application control should be the cornerstone of your endpoint security strategy, building up from there to create ever stronger, multiple layers of defense,” said Mark Austin, co-founder and co-CEO at Avecto. “These measures can have a dramatic impact on your ability to mitigate today’s attacks.”

Marco Peretti, Chief Technology Officer at Avecto, added: “Once again, it’s clear from this year’s findings just how significant the removal of admin rights is to mitigate the risk of many of the cyber threats we face.”

Besides Windows, Microsoft Office products were also the subject of 79 vulnerabilities, up from 62 last year. This represents a 295% increase in Office vulnerabilities since 2014. Of the 79 vulnerabilities impacting Office, 17 were classed as Critical, meaning that all businesses using the software were potentially vulnerable to attack.

Austin notes that times and applications have changed and that running as a limited user is no longer difficult to achieve.

Do our readers run as Admin or as a limited user? Let us know below.
