
Sunday 26 March 2023

BeyondTrust's new report discusses risks and mitigation for Microsoft vulnerabilities

BeyondTrust, the worldwide provider of intelligent identity and access security, has released its 2023 Microsoft Vulnerabilities Report*. Produced annually by BeyondTrust, the report analyses data from security bulletins publicly issued by Microsoft throughout the previous year. This 10th anniversary edition covers a decade of vulnerability insights, providing information to help organisations see into the past, present, and future of the Microsoft vulnerability landscape.

In 2022, total Microsoft vulnerabilities rose to 1,292, an all-time high since the report began 10 years ago. However, BeyondTrust said that beyond the sheer number of vulnerabilities, the unique threat and impact posed by individual vulnerabilities should also be of concern.

Other research highlights include:

- Elevation of Privilege is the No. 1 vulnerability category for the third year running, accounting for 55% (715) of the total Microsoft vulnerabilities in 2022. An elevation of privilege occurs if access is given to rights or privileges which should not have been available to the requester.

- Microsoft Azure and Dynamics 365 generate the biggest financial gains for Microsoft, as well as the biggest gain in number of vulnerabilities.

- In 2022, 6.9% of Microsoft’s vulnerabilities were rated as ‘critical,’ while in 2013, 44% of all Microsoft vulnerabilities were classified as ‘critical.’

- Azure and Dynamics 365 vulnerabilities skyrocketed by 159%, from 44 in 2021 to 114 in 2022.

- Microsoft Edge experienced 311 vulnerabilities last year, but none were critical.

- There were 513 Windows vulnerabilities, 49 of which were critical.

- Microsoft Office experienced a five-year low with 36 vulnerabilities.

- Windows Server vulnerabilities rose slightly to 552.

“Microsoft has a high volume of vulnerabilities that we have seen increase over the last 10 years of our research,” said James Maude, Lead Security Researcher at BeyondTrust.

“This report outlines many of the risks, and highlights the importance of timely patching alongside the removal of excessive administrative rights to mitigate the risks.”

Source: BeyondTrust landing page. Cover for the 2023 Microsoft Vulnerabilities Report (10th anniversary edition).

The past 10 years have seen the number of Microsoft vulnerabilities increase across all categories, with Elevation of Privilege vulnerabilities climbing 650%. Over that time, new Microsoft products have driven the overall increase in vulnerabilities, with Azure and Dynamics 365 vulnerabilities climbing by 159% this past year alone, largely due to one product, Azure Site Recovery Suite.

If there’s one beacon of light shining across the past 10 years of vulnerabilities, it's the fact that the fundamental ways to mitigate those risks have remained constant for well over a decade. Least privilege enforcement has proven to be just as relevant to the cloud systems and Internet of Things (IoT) devices of today as it was to the legacy systems, some of which are still operational, BeyondTrust noted. BeyondTrust's portfolio includes endpoint privilege management solutions that can enable organizations to achieve least privilege, while striking the right balance between security and productivity.

Explore

Download the report (email required)

*This report dissects the 2022 Microsoft vulnerabilities data, highlighting key shifts and trends since the inaugural report. The report spotlights some of the most significant common vulnerabilities and exposures (CVEs) of 2022, and breaks down how they are exploited by attackers and ways they can be prevented or mitigated.

Microsoft groups product vulnerabilities into the following categories: Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Tampering, Information Disclosure, Denial of Service, and Spoofing.
