User accounts with admin rights are a security threat

Feb 3, 2016 20:35 GMT

If Microsoft ever removed user admin rights from the Windows OS, 86% of all security threats reported in 2015 would become useless, and 99.5% of all threats reported in Internet Explorer would be unexploitable by hackers.

These are two of the conclusions you can reach after reading Avecto's annual Microsoft Vulnerabilities Report, in which the company analyzed all of Microsoft's security bulletins from 2015.

Malware and exploits abuse Windows user admin rights

Digging deeper into the issue of (most of the time) unneeded user admin rights, Avecto discovered that 82% of the security bugs discovered in Office would become ineffective and that 82% of the security flaws reported and fixed in the new Windows 10 OS would also be impossible to exploit.

Additionally, all Edge and Office 2016 security vulnerabilities would be mitigated by removing user admin rights, showing the high security standards to which these products were built, if not for the constant presence of a system-level attacker opening holes in their defenses left and right.

Further looking at the big picture, researchers also concluded that 85% of all Remote Code Execution (RCE) bugs can also be mitigated by removing admin rights, which is food for thought, considering that RCE bugs are some of the most dangerous issues you can find in today's security model.

Overall, Avecto claims that, by removing admin rights from user accounts, about 63% of all security vulnerabilities reported in 2015 for all of Microsoft's products would become unexploitable.

Other discoveries

➣ 433 vulnerabilities were reported across Windows Vista, Windows 7, Windows RT, Windows 8 / 8.1 and Windows 10.
➣ 238 vulnerabilities were reported across Internet Explorer (IE) versions 6 to 11.
➣ 62 vulnerabilities were reported affecting Microsoft Office products.
➣ 429 vulnerabilities were reported in Windows Server.
➣ 18 vulnerabilities were reported impacting the .NET Framework.
➣ The total number of vulnerabilities grew 52% compared to 2014.
➣ The overall number of vulnerabilities increased from 345 to 524.

Breakdown of Microsoft Vulnerability Categories in 2015