Microsoft security holes at record high even in the latest Word, Excel and PowerPoint


A new report confirms what most Microsoft Office customers know: there are more security patches in Microsoft products, despite years of promises. It's not just the latest Word, Excel and PowerPoint; even new products like the Edge browser are increasingly vulnerable.

An Avecto report shows 87 vulnerabilities in 2017 – a record high. A dozen of those were considered ‘Critical’ by Microsoft’s biased reckoning.

Source: Avecto

According to the report, removing Admin user rights would reduce the risk for 60%, or about 7, of the dozen critical security holes.

The Avecto report is available here (registration required).

Removing Admin Rights

Avecto suggests that removing Administrator rights will cut the risk of infection.

Ideally, regular users of a computer should only have normal or standard user access. That step alone will considerably reduce the risk of a successful attack on your computer and network.

Windows already has a middle ground between limited user access and full administrator access. It was originally promoted by Microsoft as a security improvement, but the company has quietly back-tracked on that.

Windows 8 and 10’s Administrator access actually runs in standard user mode, with a User Account Control (UAC) prompt if admin access is required. You may have noticed full screen User Account Control prompts when installing a new program or changing some settings.

That sounded great back when UAC was introduced, but these days hackers have found ways to bypass these prompts and infect Windows.

Sadly, attackers find it too easy to trick people into giving them admin access.

But switching to Standard user access really isn’t an option for many users. It takes a lot of time and trouble to log out and back into an Administrator account each time the higher access is needed.

The real solution is for Microsoft to fix the UAC problems and restore confidence in this security option. At the moment, Microsoft appears to have taken the cheaper route of redefining UAC as being less effective.

Edge Browser woes

The new Edge browser in Windows 10 is hyped as a more secure browser with security ‘built in’ from the beginning of development. The older, and now Redmond-derided, Internet Explorer was supposed to be less secure.

But the Avecto report numbers tell a different story.

Internet Explorer had just 48 critical level vulnerabilities in 2017, compared with 140 in the newer Edge browser.

Just another reason to ignore Edge and the endless prompts from Microsoft to use it.