Granting admin rights to end-users has long been a political jungle, and it's one of those computing aspects where business users will almost take up arms to stop IT from taking it away.
Obviously, there are specific reasons where admin rights are applicable, but for the majority of the business, there's no good reason for end-users to retain them. More problems arise from having full access than having standard user admittance. The majority of applications don't require admin rights, and for those companies that removed those rights long ago, have considerable less trouble. But, more than just application usage, malware seeks to take advantage of computers where rights are not restricted. Utilizing elevated rights of the logged on user, malware can practically have its way on the targeted system.
Avecto has released a new study that adds credence to removing admin rights at all costs and could help IT departments make a stronger case for it. The study shows that removal of admin rights can lead to the elimination of 96% of critical vulnerabilities lobbied against Windows, 91% against Microsoft Office, and a whopping 100% against Internet Explorer.
The study works through the list of Patch Tuesday bulletins for 2013 and then applies them against end-users who have been granted administration privileges to their computer.
Download the Study: 2013 Microsoft Vulnerabilities Study
P.S. With support for Windows XP ending on April 8, 2014, this should be an important step for those companies that cannot move away from the old OS version before the deadline. I've seen, personally, where the majority of companies holding onto Windows XP also have enabled admin rights for their computers users. That's a bad practice to start with, but it becomes even more critical to eliminate when Windows XP becomes the most vulnerable operating system on the planet in April.