IT Trenches

Jan 22 2010   7:34PM GMT

Sure you can use my security context – exploit me!

Troy Tate Profile: Troy Tate

I recently blogged about the fact that the initial reports of the Google Aurora attack focused on Internet Explorer version 6. Some comments on the Information Security Community Group on LinkedIn got me thinking about another part of the successful exploit that could have reduced the impact, if not completely prevented it.

The Microsoft security bulletin states that “Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.” That’s great news for a lot of organizations that have taken the operational stance of least user access or the principle of least privilege. Not everyone has to run everything as a local administrator on their computer. This would prevent a lot of home users from being infected and definitely help businesses reduce the impact of successful exploits of known and previously unknown vulnerabilities.

How much news about security breaches do you think there would be if LUA was put into practice everywhere possible? Maybe then we could focus on addressing other business application issues like getting incompatible applications upgraded from Internet Explorer 6 to IE8.

Thanks for reading and let’s continue to be good network citizens!

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: