New Report Shows 90% of Critical Microsoft Windows 7 Vulnerabilities can be Mitigated by Eliminating Admin Rights

May 24th, 2011

BeyondTrust Analysis of 15 Months of Microsoft Security Bulletins Finds the Vast Majority of Vulnerabilities can be Diminished by Configuring End Users as Standard Users

Agoura Hills, Calif. — March 29, 2010 – BeyondTrust, the leading provider of Privileged Access Lifecycle Management solutions, today published research findings showing that removing administrator rights from Windows users is a mitigating factor for 90% of Critical Windows 7 vulnerabilities. The results demonstrate that as companies migrate to Windows 7 they’ll need to implement a desktop Privileged Identity Management solution to reduce the risks from unpatched Microsoft vulnerabilities without inhibiting their users’ ability to operate effectively.

Key findings from this report show that removing administrator rights will better protect companies against the exploitation of:

  • 90% of critical Windows 7 vulnerabilities reported to date
  • 100% of Microsoft Office vulnerabilities reported in 2009
  • 94% of Internet Explorer and 100% of Internet Explorer 8 vulnerabilities reported in 2009
  • 64% of all Microsoft vulnerabilities reported in 2009

“Enterprises continue to face imminent danger from zero-day attacks as new vulnerabilities are exploited before patches can ever be developed and deployed,” said Steve Kelley, EVP of corporate development. “Our findings reflect the critical role that restricting administrator rights plays in protecting against these types of threats. As companies migrate to Windows 7 they need to be aware that despite enhanced security features on the new operating systems, better controls for administrative rights are still needed to provide adequate protection.”

BeyondTrust’s new report examines all of the published Microsoft vulnerabilities in 2009 and all of the published Windows 7 vulnerabilities to date to quantify the effectiveness of removing administrator rights for mitigating Microsoft vulnerabilities. The report shows that the vast majority of vulnerabilities share the same best practice advice in the “Mitigating Factors” portion of Microsoft’s security bulletins: “Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.” Complete findings and methodology can be found online in the report.

BeyondTrust 2009 Microsoft Vulnerability Analysis report is accessible at the following link:

About BeyondTrust Privilege Manager
BeyondTrust Privilege Manager, initially released in 2004, is the first desktop Privileged Identity Management solution for Windows. Privilege Manager allows end-users to run all required applications, processes and ActiveX controls without administrative privileges. Privilege Manager allows network administrators to attach permission levels to Windows applications to enforce enterprise security policy while still enabling users to perform approved activities. By removing the need to grant administrative rights to end-users, IT departments eliminate what is otherwise the Achilles heel of the desktop – end-users with administrative power that can be exploited by malware and malicious intent to change security settings and disable other security solutions. Privilege Manager is easy to implement. It plugs directly into Group Policy, the existing Windows security infrastructure. It is transparent to the end-user, without pop-ups or dialogue boxes, and supports Windows 2000, XP, Server 2003, Server 2008, Vista and Windows 7.

About BeyondTrust
BeyondTrust empowers IT to eliminate the risk of intentional, accidental and indirect misuse of privileges on desktops and servers with globally proven solutions that increase security and compliance without impacting productivity. With more than 25 years of global success, BeyondTrust is the pioneer of Privileged Access Lifecycle Management (PALM) solutions for heterogeneous IT environments. More than half of the companies listed on the Dow Jones Industrial Average rely on BeyondTrust to secure their enterprises. Customers include eight of the world’s 10 largest banks, seven of the world’s 10 largest aerospace and defense firms, and six of the 10 largest U.S. pharmaceutical companies, as well as renowned universities. The company is privately held and headquartered in Los Angeles, California, with East Coast offices in Greater Boston as well as Washington DC, and EMEA offices in London, UK. For more information, visit

NOTE TO EDITORS: If you would like additional information on BeyondTrust and its products, please view the BeyondTrust web site at

BeyondTrust, the BeyondTrust logo, Privilege Manager, PowerBroker, PowerADvantage, and PowerKeeper are trademarks or registered trademarks, in the United States and certain other countries, of BeyondTrust Software. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.

Scott McCarley
(603) 610-4265

Samantha Singh
Gutenberg Communications
(408) 335-6965