For security reasons, it is ideal to do the most work with the least amount of privileges in order to prevent malware. It also prevents mischievous actions being conducted on the computer. If you conduct your daily routine with elevated or administrated privileges, chances are pretty good you will allow malware to be installed without you knowing it.
Why did Microsoft not fix this?
Its mind boggling why Microsoft never addressed the vulnerability or even try to eliminate the vulnerability. Microsoft did release a statement to Endgadget:
“We are working to release a security update to address an Elevation of Privilege issue. It is important to note that for a would-be attacker to potentially exploit a system, they would first need to have valid login credentials and be able to log on locally to a targeted machine. We encourage customers to keep their anti-virus software up to date, install all available Security Updates and enable the firewall on their computer.”
Google’s proactive approach to fighting Zero Day vulnerabilities
“On balance, Project Zero believes that disclosure deadlines are currently the optimal approach for user security – it allows software vendors a fair and reasonable length of time to exercise their vulnerability management process, while also respecting the rights of users to learn and understand the risks they face. By removing the ability of a vendor to withhold the details of security issues indefinitely, we give users the opportunity to react to vulnerabilities in a timely manner, and to exercise their power as a customer to request an expedited vendor response.”
Emsisoft Endpoint Protection: Award-Winning Security Made Simple
Experience effortless next-gen technology. Start Free Trial