A security update has been issued to address the recently announced vulnerability in Microsoft's Internet Explorer browser, which has again highlighted the importance of minimizing administrative rights.
An emergency patch was released yesterday, four days after the announcement. Microsoft has even released a patch for XP, despite it being an unsupported operating system, to continue to encourage users to migrate to Windows 7 or 8.1.
Without the patch, any user of Internet Explorer (IE) could be compromised by the Critical vulnerability, which allows remote code to execute if a user views a "specially crafted webpage" using an affected version of the browser. Once a remote attacker gains control, they can install even more malicious software and code onto the machine.
The vulnerability has highlighted once again that the danger of admin rights should not be underestimated. If hackers are able to exploit admin accounts, they can gain deep access into the core of the network, where they can install software and applications, tamper with configurations, exploit sensitive data, or even create new rogue accounts with full admin rights.
In fact, the Microsoft Security Bulletin states: "If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
Analysis by Avecto earlier this year showed that 100% of vulnerabilities in Internet Explorer could be mitigated by removing admin rights.