PSA: If you're still giving users admin rights, maybe try not doing that. Would've helped you dodge 100+ Microsoft vulns last year – report
Access management outfit BeyondTrust has urged organizations to remove admin rights from users, arguing that doing so would have at least mitigated more than 100 vulnerabilities in Microsoft products last year.
There are businesses and groups out there that are pressured internally into handing people admin rights to keep folks working with awkward software deployments.
BeyondTrust - which has a clear commercial interest here as it sells tools that manage privileged access - gives an example of an overworked IT support desk granting users long-term special rights to perform tasks to stop them filing new tickets each time they need to access something.
The stateside biz brings this up because it analyzed 1,268 CVE-listed bugs fixed in Microsoft products and services during 2020, and concluded, in a report out this week, that the exploitation of more than half of the 196 critical-rated vulnerabilities - 109 to be exact - could have been mitigated by removing admin rights from users.
So even though removing admin rights from users may have limited the exploitation of X per cent of flaws, very few of them would have been exploited anyway in the real world.
Haber did stress that removing people's admin rights is not a shortcut to proper security.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/03/17/microsoft_vulns_admin/