Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Microsoft Vulnerabilities Report 2015 – What you need to know

February 16, 2016

  • Blog
  • Archive

Now in its third year, the 2015 Microsoft Vulnerabilities Report analyses the data from Security Bulletins issued by Microsoft throughout 2015. Typically issued on the second Tuesday of each month, these “Patch Tuesday” bulletins contain fixes for vulnerabilities affecting Microsoft products. With the launch of Windows 10, this approach changed slightly, with patches being released as soon as they are available.

So what do this year’s findings tell us?

An evolving threat landscape

The pace at which malware is evolving along with the scale of damage it can inflict.. In 12 months, we saw a 52% increase in the number of vulnerabilities reported by Microsoft.

Removing admin rights, the CISOs weapon of choice?

The 2015 Microsoft Vulnerabilities Report once again highlights how a significant number of Critical vulnerabilities could be mitigated by the removal of user admin rights. In total, the risk from 85% of Critical vulnerabilities reported in 2015 could be prevented by simply removing admin rights across the enterprise.

Keeping web-borne threats at bay

The removal of admin rights was once again found to be highly effective in mitigating the threat posed by internet borne malware. A total of 99.5% of vulnerabilities could be managed by the removal of admin rights alone.

Windows 10 is not a security panacea

The launch of Windows 10 in 2015 offered significant improvements in security, however it also offered a fresh target for hackers. Up to 27% of all the vulnerabilities found in 2015 impacted the new OS and of these 82% could be mitigated by removing admin rights.

What can we learn?

The findings from the 2015 Microsoft Vulnerabilities Report act as another wake up call to IT and security teams on power and importance of removing admin rights in an enterprise setting. The research supports the recommendations of respected industry bodies including SANS, The Council on Cyber Security and the Australian Department of Defense, who all list the controlled use of administrative privileges as a fundamental part of their security best practice guidelines.

One of the most effective ways to meet the recommendations of these bodies is to remove administrator rights from users entirely, but give back user flexibility with Privilege Management and Application Control technology that allows all users to function effectively under a standard user account.

Complement this by layering security strategies as part of a defense in depth (DiD) approach. The overlap of these layers of defense aims to ensure that the shortcomings of one security control are covered by another. For example, in the gap between a patch being discovered and applied, Sandboxing technology will trap and contain online threats so that data remains secure.

Download your copy of the report now for the full analysis.

Mark Austin

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

Webcasts

Welcome to 2021: A BeyondTrust Global Partner Update

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.