Microsoft Privilege Exploitation in 2012
With the new year upon us, time for Arellia’s 2012 analysis of Microsoft vulnerabilities and those with privilege exploitation:
|Bulletins with Privilege Exploitations||40|
|Vulnerabilities with Privilege Exploitations||87|
|% of Bulletins with Privilege Exploitation||48.2%|
|% of Vulnerabilities with Privilege Exploitation||50.6%|
As a refresher from the Introduction on Privilege Exploitation, privilege exploitation is where the malicious software takes advantage of the rights of the logged in user to change the configuration of the local computer. Further analysis of the vulnerabilities with privilege exploitation by Microsoft software component is as follows:
|Internet Explorer 9||25||7|
|Internet Explorer 6||20||5|
|Internet Explorer 7||20||5|
|Internet Explorer 8||20||5|
|Windows Server 2008||13||12|
|Windows Server 2003||12||11|
It’s no surprise to anyone in the security industry that out of all the Microsoft products, Internet Explorer had the most vulnerabilities with privilege exploitation in 2012. Internet Explorer is constantly under attack by hackers because exploiting Internet Explorer is easier than exploiting other Windows vulnerabilities. Internet Explorer is easier to exploit because most attacks can be driven by a malicious website or webpage, instead of executing a malicious file on the computer.
It’s also no surprise that Office takes second place for most vulnerabilities with privilege exploitation in 2012. In the workplace environment, an exploit on Office products can be just as easily executed as Internet Explorer vulnerabilities because of the high use of Office documents. Application privilege management can mitigate Microsoft Office vulnerabilities by preventing Office applications from accessing or making changes to system settings.
Privilege management can be implemented in one of two ways. First, one could move users from administrator accounts to standard user accounts. This can create some additional challenges around applications that require administrator rights – a challenge that can be addressed with privilege elevation using software such as Arellia Application Control Solution. The second and better option and one that is much easier to implement on any user is to remove privileges from commonly exploited applications as was illustrated in Zero Day Vulnerability Protection with Privilege Management.
Arellia Application Control Solution and Local Security Solution provide application privilege managementand user privilege management for securing Microsoft applications against privilege exploitation. Use these as an additional line of defense against common exploits.
About Arellia: Arellia provides solutions for privilege management, application whitelisting, securing local administrator accounts, and compliance remediation. Arellia products are integrated with the Symantec Management Platform and sold through Symantec.