Security Market Segment LS
  2. Home
  3. Business IT
  4. Security
  5. Elevation of privilege led Microsoft vulnerabilities in 2021: BeyondTrust
Thursday, 26 May 2022 10:19

Elevation of privilege led Microsoft vulnerabilities in 2021: BeyondTrust

By
BeyondTrust chief security officer Morey Haber BeyondTrust chief security officer Morey Haber

According to identity and access security specialist BeyondTrust's 2022 Microsoft Vulnerabilities Report, elevation of privilege was the leading vulnerability category for the second consecutive year.

Last year, 49% of all Microsoft vulnerabilities could cause elevation of privilege, the report found.

Turning to the 326 remote code execution vulnerabilities reported in 2021, 35 had a CVSS score of 9.0 or higher.

Also, Internet Explorer and Edge vulnerabilities soared to a record high of 349, approximately four times the 2020 figure.

"Microsoft's move to the Common Vulnerability Scoring System (CVSS), now makes it easier for vulnerabilities to be cross-referenced with third-party applications that leverage affected services," said BeyondTrust chief security officer Morey Haber.

"However, this is a trade-off because of the loss of visibility to determine the impact of administrative rights on critical vulnerabilities. What is clear, is the continued risk of excessive privileges. With the growing risk of privileged attack vectors caused by cloud deployments, the removal of admin rights remains a critical step to reduce an organisation's risk surface. This can be achieved by adopting a least privilege strategy and enabling zero-trust architectures throughout an environment."

According to BeyondTrust, the consistently high volume of Microsoft vulnerabilities means ensuring endpoint security is critical, and removing of administrative rights is an essential mitigation for many risks.

BeyondTrust Endpoint Privilege Management enables organisations to achieve least privilege while balancing security and productivity, the company claims.

The 2022 Microsoft Vulnerabilities Report can be downloaded here.

Read 1185 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

SONICWALL 2022 CYBER THREAT REPORT

The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Ransomware
Cryptojacking
Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.

GET REPORT!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Published in Security
Tagged under
Stephen Withers

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Latest from Stephen Withers

Related items

More in this category: « Barracuda expands cloud-native SASE platform VIDEO Interview: Ben Jones talks cyber security, the essential digital service every business needs »
Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments