With 2012 almost at the midpoint, it is a good time to take a look at the state of security. Arellia research has analyzed Adobe Security Bulletins and how removal of administrator rights could mitigate their vulnerabilities. As mentioned in the Introduction on Privilege Exploitation, privilege exploitation occurs when malicious software takes advantage of the rights of the logged-in user to change the configuration of the local computer. Adobe is a common target, and Arellia has found a high risk in operating as an administrator user when using many Adobe products.
Here is a summary of privilege exploitation for Adobe Products in 2012 to date:
| Measure | Value |
|---|---|
| Bulletins with Privilege Exploitations | 10 |
| Vulnerabilities with Privilege Exploitations | 36 |
| % of Bulletins with Privilege Exploitation | 71.43% |
| % of Vulnerabilities with Privilege Exploitation | 61.02% |
Each bulletin has one or more vulnerabilities that apply to one or more applications. Here is a listing of the software affected and the number of vulnerabilities with privilege exploitation:
| Software | Vulnerabilities with Privilege Exploitation |
|---|---|
| Adobe Flash Player | 16 |
| Adobe Flash Professional | 1 |
As you can see, Adobe Flash Player is the top application for vulnerabilities with privilege exploitation. Exploits in this case are likely malicious Flash code that allows the malicious user or software to run commands and calls with the privileges of the running user. If the user is a member of the administrators group, any command is possible, making it easy to install malicious programs or modify the operating system configuration. With so many sites using Flash video (YouTube, anyone?), this is an easy attack vector. When these applications run with reduced privileges, either by running as a standard user or by removing rights from the application, the extent of the malicious actions that exploiting such vulnerabilities can achieve is limited.
Removing end-user administrator rights is not a silver bullet, but it will reduce the risk from malicious software, not to mention the additional benefits around system stability and support costs. For more information on how to remove administrator rights and add them only to necessary applications, look at Arellia Local Security Solution and Arellia Application Control Solution.
About Arellia: Arellia provides solutions for privilege management, application whitelisting, securing local administrator accounts, and compliance remediation. Arellia products are integrated with the Symantec Management Platform and sold through Symantec.