More than half of Microsoft vulnerabilities solved by removing admin rights

More than half of Microsoft vulnerabilities could be solved by removing admin rights, according to cyber security vendor BeyondTrust. 

According to a new report by the vendor, 1,268 Microsoft vulnerabilities were discovered in 2020, a 48 per cent increase, year-on-year. In addition, the number of reported vulnerabilities has risen an astonishing 181 per cent in the last five years. 

However, BeyondTrust has claimed that removing admin rights from endpoints would mitigate 56 per cent of all critical Microsoft vulnerabilities in 2020. Delving deeper, 87 per cent of critical vulnerabilities in Internet Explorer and Microsoft Edge would have been mitigated by removing admin rights, the report said. 

Around 80 per cent of critical vulnerabilities in all Office products (Excel, Word, PowerPoint, Visio, Publisher, and others) would have been mitigated by removing admin rights, as would have 66 per cent of those affecting Windows Servers. 

“The sheer fact that patching must always occur is a cyber security basic,” said Morey Haber, chief technology officer and chief information security officer at BeyondTrust.  

“However, deflecting an attack with good cyber security policies like the removal of administrative rights ultimately makes the environment, and home workers, even more secure. And, most importantly, honouring least privilege can buy your organisation time to patch when critical vulnerabilities are published.” 

The report comes as BeyondTrust expands its Asia Pacific and Japan footprint, opening an office in Singapore and hiring former BAE Systems executive Nick Turnbull as its regional senior vice president (SVP). 

Turnbull has been tasked with working closely with customers to help them achieve local regulatory compliance, as well as continuing to strengthen its channel focus with value-add distributors, resellers, local and global systems integrators. 

“I am thrilled to have Nick join our team. He is a seasoned executive with the skill, relationships and talent we need to drive our continued growth in the APJ region,” said Brent Thurrell, chief revenue officer at BeyondTrust.  

“His vast experience will guide BeyondTrust in our quest to revolutionise our go-to-market strategy, as well as building out our teams in APJ, targeting key growth markets, and becoming the privileged access management leader in the region.”