Blocking Windows Admin Rights Can Stop Exploits

Published: 22/11/2024   Category: security




The majority of Microsoft Windows attacks seen in 2010 would have been blocked if PCs were not running with admin-level access rights, according to security vendor BeyondTrust.



Eliminating administrator-level rights for regular users can stop the majority of Microsoft Windows attacks from being able to exploit the computer.
That's the claim of a report released by security vendor BeyondTrust. For the report, the company investigated all of the security bulletins released by Microsoft in 2010, which detailed a total of 256 vulnerabilities.
Looking at those 2010 vulnerabilities, BeyondTrust found that PCs that weren't running with administrator-level rights would have blocked 64% of all Microsoft vulnerabilities, 75% of critical Windows 7 vulnerabilities, and all Microsoft Office and IE vulnerabilities. In addition, removing administrator rights would have stopped 82% of remote code execution vulnerabilities, which enable an attacker to run arbitrary code on compromised systems.
The report points to a piece of best-practice advice that's often found in Microsoft's security bulletins. Namely, that "users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
Not coincidentally, the company behind the report sells software that can monitor, restrict, or delegate access to root passwords on different operating systems. But is there merit in this approach as a technique for helping mitigate Windows vulnerabilities--and especially zero-day attacks that attempt to exploit never-before-seen bugs?
In an email interview, Jack Koziol, director of information security training firm Infosec Institute, said it's likely the report is accurate in its charting of the number of attacks that would have been blocked by restricting administrative-level access. "Many of the current exploits out there require you to have admin/system access on the exploited system," he said.
"There is a major caveat to that though," he said. "One of the primary concepts we teach in our penetration-testing class is that of privilege escalation. If you have non-root or non-administrator level access to a system, you must attempt to escalate privileges in order to access sensitive portions of the OS."
Accordingly, if attackers are gunning for a system that restricts administrative-level access, exploitation becomes a two-step process instead of a single step, said Koziol. "First, you get a foothold on the box with regular user access, secondly you gain admin access via privilege escalation attack--perhaps via a kernel vulnerability."
Some approaches to managing administrative-level access might block these types of attacks, he said. But in a more directed attack against a specific target, he said, don't discount an attacker finding a way around the defenses, for example by exploiting a kernel-level vulnerability.
Those caveats aside, for organizations that want to control admin-level access, there are multiple approaches--some free. According to a blog post by Neil MacDonald, a vice president and distinguished analyst at Gartner, free approaches include Microsoft's User Account Control--but it's only built into Windows 7 and Vista--as well as a community version of ScriptLogic. Meanwhile, commercial options for controlling admin-level access by application on an exception-by-exception basis include BeyondTrust, Avecto, Viewfinity, and Symantec/Altiris, he said.
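A quick way for a defender to check a single workstation against the advice above, as an added example that is not from the article or from any of the vendors it names. It assumes Windows 10/11 with PowerShell 5.1 or later, and the $allowed list is an assumed local policy, not anything the article specifies.

```powershell
# Added example (not from the article): audit a host for standing admin rights
# and a weakened UAC configuration. Assumes Windows 10/11, PowerShell 5.1+.

# 1. Who holds local Administrators membership? Anything beyond the accounts
#    your policy allows is a "standing admin" finding. $allowed is an assumption.
$allowed  = @('Administrator', 'Domain Admins')
$members  = Get-LocalGroupMember -Group 'Administrators'
$findings = @(foreach ($m in $members) {
    $short = ($m.Name -split '\\')[-1]          # strip MACHINE\ or DOMAIN\ prefix
    if ($allowed -notcontains $short) {
        [pscustomobject]@{ Check = 'LocalAdminMember'; Value = $m.Name; Source = $m.PrincipalSource }
    }
})

# 2. Is UAC on, and does it actually prompt? EnableLUA=0 turns UAC off entirely;
#    ConsentPromptBehaviorAdmin=0 lets admin-token elevation happen silently.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac    = Get-ItemProperty -Path $uacKey
if ($uac.EnableLUA -ne 1) {
    $findings += [pscustomobject]@{ Check = 'UAC'; Value = "EnableLUA=$($uac.EnableLUA)"; Source = 'Registry' }
}
if ($uac.ConsentPromptBehaviorAdmin -eq 0) {
    $findings += [pscustomobject]@{ Check = 'UAC'; Value = 'ConsentPromptBehaviorAdmin=0 (no prompt)'; Source = 'Registry' }
}

# 3. Is this interactive session itself running with an elevated token?
#    Day-to-day work in an elevated shell is exactly what the report argues against.
$id       = [Security.Principal.WindowsIdentity]::GetCurrent()
$elevated = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
if ($elevated) {
    $findings += [pscustomobject]@{ Check = 'SessionElevated'; Value = $id.Name; Source = 'Token' }
}

if ($findings.Count -eq 0) { 'No standing-admin or UAC findings on this host.' }
else                       { $findings | Format-Table -AutoSize }
```

Run it from the account a user normally works under, not from an elevated prompt, or check 3 will always fire; reading the local group still needs no elevation.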
But the best approach, said Koziol, would be to overhaul Windows. "The real solution to this problem is to re-engineer Windows to allow regular users to do everything they need without the possibility of compromising the [trusted computing base] of the OS. The last real OS to do this was VMS. After that--well, you know the story," he said.
On the other hand, client/server operating systems as well as cloud-based applications inherently prevent these types of attacks, he noted, because users are never granted access to the trusted computing base.
