90 percent of Windows 7 flaws fixed by removing admin rights

After tabulating all the vulnerabilities published in Microsoft's 2009 Security Bulletins, it turns out 90 percent of the vulnerabilities can be mitigated by configuring users to operate without administrator rights, according to a report by BeyondTrust. As for the published Windows 7 vulnerabilities through March 2010, 57 percent are no longer applicable after removing administrator rights. By comparison, Windows 2000 is at 53 percent, Windows XP is at 62 percent, Windows Server 2003 is at 55 percent, Windows Vista is at 54 percent, and Windows Server 2008 is at 53 percent. The two biggest exploited Microsoft applications also fare well: 100 percent of Microsoft Office flaws and 94 percent of Internet Explorer flaws (and 100 percent of IE8 flaws) no longer work.

This is good news for IT departments because it means they can significantly reduce the risk of a security breach by configuring the operating system for standard users rather than administrator. Despite unpredictable and evolving attacks, companies can very easily protect themselves or at least reduce the effects of a newly discovered threat, as long as they're ok with their users not installing software or using many applications that require elevated privileges.

In total, 64 percent of all Microsoft vulnerabilities reported last year are mitigated by removing administrator rights. That number increases to 81 percent if you only consider security issues marked Critical, the highest rating Redmond gives out, and goes even higher to 87 percent if you look at just Remote Code Execution flaws. Microsoft published 74 Security Bulletins in 2009, spanning around 160 vulnerabilities (133 of those were for Microsoft operating systems). The report, linked below, has a list of all of them, which software they affect, and which ones are mitigated by removing admin rights.

Source: Arstechnica.com