BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Another Reminder Why It’s Important to Eliminate Admin Rights

Posted September 27, 2011    Peter McCalister

According to a recent CNET News article, the hacker known as Comodohacker is now threatening to exploit Microsoft’s Windows Update service. This comes on the heels of Microsoft’s misstep of inadvertently offering an early look at the latest Patch Tuesday updates for 15 vulnerabilities in Windows, Office and Server products.

“I’m able to issue Windows update–Microsoft’s statement about Windows Update and that I can’t issue such update is totally false. I already reversed ENTIRE Windows update protocol, how it reads XMLs via SSL which includes URL, KB no, SHA-1 hash of file for each update, how it verifies that downloaded file is signed using WinVerifyTrust API, and…Simply I can issue updates via Windows update!” – Comodohacker.

In 2010, Microsoft published more than 100 security bulletins and provided patches for 256 vulnerabilities and the vast majority of security threats from Microsoft vulnerabilities can be mitigated if users do not have unnecessary admin rights.

While Comodohacker’s claims have not been substantiated at this point, according to Microsoft, only Windows updates that are signed by the Microsoft Root Certificate Authority are allowed to be installed via the Windows update process. Regardless of this threat, this is a stark reminder why it so very important that organizations eliminate admin rights for users.

When you allow your users to run as a local admin, you are opening your enterprise to serious security issues. You may think you’re saving money by allowing this instead of multiple calls to the help desk, but in reality you’re risking much more than money.

Leave a Reply

Additional articles

webinar_ondemand

On Demand Webinar – Why You Still Suck at Patching

Posted March 27, 2015    Lindsay Marsh

On Demand Webinar: Dave Shackleford recounts some of his personal experiences in patch management failure, and breaks down the most critical issues holding many teams back from patching more effectively.

Tags:
,
dave-shackleford-headshot

Why You Still Suck at Patching…and How to Turn Your Life Around

Posted March 25, 2015    Dave Shackleford

Live webinar | March 26, 2015 | 10am PT/1pm ET | Dave Shackleford, SANS Instructor | Why You Still Suck at Patching…and How to Turn Your Life Around

Tags:
, ,
infographic

Privilege Gone Wild 2: Over 25% of Organizations Have No Privileged Access Controls

Posted March 24, 2015    Scott Lang

BeyondTrust recently conducted a survey, with over 700 respondents, to explore how organizations view the risk of misuse from privileged account misuse, as well as trends in addressing and mitigating those risks.

Tags:
,