Arellia Finds That the Majority of Critical Microsoft, Adobe, and Mozilla Software in the 1st Half of 2013 Vulnerabilities are Mitigated by Privilege Management
Salt Lake City, Utah (PRWEB) July 25, 2013 -- Arellia, a leader in privilege management solutions, has analyzed software vulnerabilities disclosed in the first half of 2013 from Microsoft, Adobe, Mozilla, and Apple software for Windows to find that the majority of critical vulnerabilities were impacted by the privileges of the running user. With the exception of Apple, all vendors rate vulnerability severity with critical vulnerabilities being those that are easily exploited. The share of critical vulnerabilities affected by privilege for the first half of 2013 is:
• Adobe: 68%
• Microsoft: 71%
• Mozilla: 96%
As mentioned, Apple did not note vulnerability severity, but 100% of Apple QuickTime vulnerabilities were found to be impacted by the privilege of the running user.
In terms of all vulnerabilities disclosed in the 1st half of 2013, the share of vulnerabilities impacted by the privilege of the running user is as follows.
• Adobe: 67%
• Apple: 48%
• Microsoft: 34%
• Mozilla: 67%
“While the share of all vulnerabilities impacted by user privilege is down for some vendors in the first half of 2013, the impact of privilege on critical vulnerabilities (those most likely to be exploited) is high,” said Stephen Brown, president of Arellia. “Arellia’s research proves the need to minimize user privileges to achieve better security.”
Mitigating vulnerabilities affected by privilege is defined by Microsoft as, “An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.” Arellia found similar mitigations with Adobe, Mozilla, and Apple.
In analyzing the effectiveness of different privilege levels, Arellia found improvements in vulnerability protection when using Standard User accounts versus Administrator accounts. The best security was achieved when commonly exploited applications had privileges removed using Arellia Application Control Solution. With this approach, applications were protected whether run by an administrator or standard user account.
Details on Arellia’s 1st half 2013 research can be found on the Arellia blog. For deeper insights on vulnerabilities and the impact of privilege, download the whitepaper Mitigating Vulnerability Exploits with Privilege Management.
About Arellia
Arellia is a leader is protecting enterprise Windows systems from advanced insider and external security threats through privilege management, application whitelisting, administrator rights management, and security configuration assessment and remediation. With Arellia solutions, organizations can
• Protect against advanced persistent threats
• Prevent insider abuse
• Reduce operating costs
• Maintain regulatory compliance
Arellia solutions have protected over 1 million Windows systems for global Fortune 500, government, and security-focused organizations since 2006. Arellia is headquartered in American Fork, Utah with regional offices in Australia and Germany. To learn how you can improve the security of your Windows systems, visit us at http://www.arellia.com.
Stephen Brown, Arellia, http://www.arellia.com, 801-692-1384 106, [email protected]
Share this article