This report has been compiled by Avecto through the analysis of data from Security Bulletins issued by Microsoft throughout 2013. Microsoft bulletins are issued on the second Tuesday of each month, a date known commonly as "Patch Tuesday", and contain fixes for vulnerabilities affecting Microsoft products that have been discovered since the last bulletin's release. Network Administrators, Security Managers and IT Professionals then respond to the update as quickly as they are able, ensuring the patches are rolled out across their systems to protect against the known vulnerabilities.
October 2013 marked the ten year anniversary of these scheduled updates providing a milestone for Avecto's top line analysis of the annual figures in order to determine the vulnerability landscape and conclude the effect of removing user admin rights.
Each bulletin issued by Microsoft contains an Executive Summary with general information regarding that bulletin. For this report, a vulnerability is classed as one that could be mitigated by removing admin rights if the sentence "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights" is found within the Executive Summary of the bulletin in which that vulnerability appears.
For a more detailed overview of the methodology used to produce this report, please see Appendix 1; Detailed Methodology