Q: Restricted user rights and vulnerabilities
I know that a restricted user is less vulnerable to most exploits but is knowing that your users have restricted access enough of a reason NOT to patch? I am advocating that my IT support team update/ patch the following software for our end users; QuickTime, Java, Adobe Reader and Acrobat. Currently all of our installed versions have multiple known vulnerabilities. I am being told patching is unnecessary because 95% of our users have restricted user rights and therefore cannot be exploited.
Will you please clarify? I understand how restricted user rights increases security, but is that enough of a layer to justify not patching. When I inquired about scanning thumb drives, this same answer is given, “It is not necessary because the users have restricted rights.” Many of our users have access to confidential and sensitive data and I remain concerned. I really appreciate any assistance that you can provide on this issue. Thank you for your help.
A: I am going to let our readers answer this interesting question. Readers – what do you say?