Microsoft Privilege Exploitation in 2012: Privilege Management Mitigates

With the new year upon us, it is time for Arellia’s 2012 analysis of Microsoft vulnerabilities and of those that involve privilege exploitation:

Bulletins: 83
Vulnerabilities: 172
Bulletins with Privilege Exploitations: 40
Vulnerabilities with Privilege Exploitations: 87
% of Bulletins with Privilege Exploitation: 48.2%
% of Vulnerabilities with Privilege Exploitation: 50.6%

As a refresher from the Introduction on Privilege Exploitation, privilege exploitation is where malicious software takes advantage of the rights of the logged-in user to change the configuration of the local computer. A breakdown of the vulnerabilities with privilege exploitation by Microsoft software component follows:

| Software | Vulnerabilities | Bulletins |
|---|---|---|
| Internet Explorer 9 | 25 | 7 |
| Internet Explorer 6 | 20 | 5 |
| Internet Explorer 7 | 20 | 5 |
| Internet Explorer 8 | 20 | 5 |
| Office | 17 | 10 |
| Windows Server 2008 | 13 | 12 |
| Windows XP | 12 | 11 |
| Windows Vista | 12 | 11 |
| Windows 7 | 12 | 11 |
| Windows Server 2003 | 12 | 11 |
| Visio | 7 | 3 |
| Excel | 4 | 1 |

It’s no surprise to anyone in the security industry that out of all the Microsoft products, Internet Explorer had the most vulnerabilities with privilege exploitation in 2012. Internet Explorer is constantly under attack by hackers because exploiting Internet Explorer is easier than exploiting other Windows vulnerabilities. Internet Explorer is easier to exploit because most attacks can be driven by a malicious website or webpage, instead of executing a malicious file on the computer.

It’s also no surprise that Office takes second place for most vulnerabilities with privilege exploitation in 2012. In the workplace environment, an exploit against Office products can be executed just as easily as one against Internet Explorer because of the high use of Office documents. Application privilege management can mitigate Microsoft Office vulnerabilities by preventing Office applications from accessing or making changes to system settings.

Privilege management can be implemented in one of two ways. First, one could move users from administrator accounts to standard user accounts. This can create some additional challenges around applications that require administrator rights, a challenge that can be addressed with privilege elevation using software such as Arellia Application Control Solution. The second and better option, and one that is much easier to implement for any user, is to remove privileges from commonly exploited applications, as was illustrated in Zero Day Vulnerability Protection with Privilege Management.
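Before moving users to standard accounts, it helps to know who holds administrator rights on each machine. The following is an added example, not part of the original post or of any Arellia product: a PowerShell inventory of the local Administrators group. The function name `Get-LocalAdminExposure` and the sample accounts are hypothetical, and it assumes Windows PowerShell 5.1 or later for `Get-LocalGroupMember`.

```powershell
# Added example: classify every member of the local Administrators group.
function Get-LocalAdminExposure {
    param(
        # Defaults to the live built-in Administrators group, addressed by its
        # well-known SID (S-1-5-32-544) so the query also works on localized Windows.
        [object[]]$Members = (Get-LocalGroupMember -SID 'S-1-5-32-544')
    )
    foreach ($m in $Members) {
        $sid = [string]$m.SID
        # Assumption: ObjectClass reads 'User' or 'Group', as on English-language systems.
        $action = if ($sid -match '-500$') {
            'Built-in Administrator: keep, but do not use for daily work'
        } elseif ($m.ObjectClass -eq 'Group') {
            'Group: review membership, every member is an administrator here'
        } else {
            'User: candidate for a standard account plus per-application elevation'
        }
        [pscustomobject]@{
            Name        = $m.Name
            ObjectClass = $m.ObjectClass
            SID         = $sid
            Action      = $action
        }
    }
}

# Constructed sample (not real accounts) so the classification can be read
# without querying a live machine.
$sample = @(
    [pscustomobject]@{ Name = 'PC01\Administrator'; ObjectClass = 'User'
                       SID = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ Name = 'CORP\Domain Admins'; ObjectClass = 'Group'
                       SID = 'S-1-5-21-4444444444-5555555555-6666666666-512' }
    [pscustomobject]@{ Name = 'CORP\jsmith'; ObjectClass = 'User'
                       SID = 'S-1-5-21-4444444444-5555555555-6666666666-1104' }
)
Get-LocalAdminExposure -Members $sample | Format-Table -AutoSize

# On a real machine, omit -Members to query the live group:
# Get-LocalAdminExposure | Format-Table -AutoSize
```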

Arellia Application Control Solution and Local Security Solution provide application privilege management and user privilege management for securing Microsoft applications against privilege exploitation. Use these as an additional line of defense against common exploits.