Report Highlights Microsoft Admin Privilege Risks

A Microsoft Vulnerabilities Report published by BeyondTrust, a provider of privileged access management (PAM) software, serves as a reminder that turning off administrative rights is more crucial than ever now that many employees are working from home to help combat the COVID-19 pandemic.

The report notes a record high 858 Microsoft vulnerabilities were discovered in 2019, an increase of 64% in the last five years. Removing admin rights from endpoints would have mitigated 77% of all critical Microsoft vulnerabilities in 2019.
The report also notes 100% of critical vulnerabilities in Internet Explorer and Microsoft Edge browsers would have been mitigated by removing admin rights.

Finally, 80% of critical vulnerabilities affecting Windows 7, 8.1 and 10 clients and Windows Servers would have been mitigated.

BeyondTrust CTO and CISO Morey Haber said that as IT teams hand out mobile computing devices running Windows to enable employees to work from home, they need to remember to turn off administrative rights. Of course, that may be a difficult rule to enforce when employees own their own machines. Microsoft provides end users with administrative rights to address issues that require the ability to access the internal operating system. However, that access is problematic for cybersecurity teams because most of the vulnerabilities that cybercriminals attempt to exploit can only be accessed when administrative rights are turned on, noted Haber.

Haber said he expects the number of vulnerability issues cybersecurity teams encounter on Windows platforms to decline as more organizations migrate to Windows 10. The latest instances of Windows also provide end users with a more granular set of options for accessing functions at the operating system level, which should reduce the number of instances in which cybercriminals can gain complete control of a system, he noted.

Cyberattacks against endpoints are naturally on the rise because in the rush to enable employees to work from home it is likely many best cybersecurity practices are either being ignored or simply forgotten. Many cybersecurity professionals who normally would enforce those policies are also working from home, so the opportunity for mistakes to be made is considerable, Haber said.

At the same time, cybercriminals are launching COVID-19 phishing attacks that seek to both compromise employee credentials and distribute malware. The potential for a single compromised credential to wreak havoc across an entire IT environment is high.

It’s not clear just yet to what degree the COVID-19 pandemic may force more organizations to finally retire older Windows 7 and Windows 8 platforms. Despite the fact Microsoft is no longer providing free security patches for Windows 7, reliance on the legacy platform remains high within many businesses large and small. In the short term, many of those businesses are not going to be in a position to upgrade those systems until the COVID-19 pandemic subsides and larger numbers of new PC systems are available. In the wake of the rush to enable employees to work from home, PCs are already in short supply. Longer-term, however, it’s about to become more apparent just how much a cybersecurity liability legacy Windows platforms have become.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
