2011 is quickly fading in the rear view mirror, so here's a brief analysis of Microsoft vulnerabilities\patches and privilege risk for the year. As mentioned in the Introduction on Privilege Exploitation, privilege exploitation is where malicious software takes advantage of the rights of the logged-in user to change the configuration of the local computer.
Here is a summary of privilege exploitation in 2011 and 2010 for comparison:
| | 2011 | 2010 | 2010 to 2011 |
|---|---|---|---|
| Bulletins | 100 | 106 | -5.7% |
| Vulnerabilities | 213 | 269 | -20.8% |
| Bulletins with Privilege Exploitations | 46 | 59 | -22.0% |
| Vulnerabilities with Privilege Exploitations | 91 | 157 | -42.0% |
| % of Bulletins with Privilege Exploitation | 46.0% | 55.7% | |
| % of Vulnerabilities with Privilege Exploitation | 42.7% | 58.4% | |
As you will observe, there was a general improvement in the number of bulletins, vulnerabilities, and those with privilege exploitation.
Each bulletin has one or more vulnerabilities that apply to one or more operating systems or applications. Here is a listing of affected software and the number of vulnerabilities with privilege exploitation:
| Software | Vulnerabilities |
|---|---|
| IE 6 | 29 |
| IE 7 | 29 |
| IE 8 | 29 |
| XP | 26 |
| Vista | 26 |
| Office | 25 |
| Server 2008 | 24 |
| 7 | 24 |
| Server 2003 | 23 |
| IE 9 | 21 |
| Excel | 14 |
| Visio | 5 |
| PowerPoint | 2 |
| Forefront | 1 |
| Groove | 1 |
| Visual Studio | 1 |
As you can see, Internet Explorer tops the list for vulnerabilities with privilege exploitation. Exploits in this case are likely a malicious URL, either on a website or in an e-mail, that allows the malicious user or software to run commands and calls at the privilege of the running user. If the user is a member of the administrators group, game over.
Of the operating system vulnerabilities with privilege exploitation exposure, here are some of the most frequently affected components (there are many others):
- .NET
- Silverlight
- Windows Media Player \ Center
- OLE
Removing end user administrator rights is not a silver bullet, but it will reduce the risk from malicious software, not to mention bring additional benefits around system stability and support costs. Here is another way to think about these statistics: if you could do one thing to reduce the impact of a car accident by 40%, would you do it? Start buckling those seat belts and start removing end user administrator rights. For more information on the latter, look at Arellia Application Control Solution.

