
Tuesday, 23 April 2024 10:17

BeyondTrust’s Annual Microsoft Vulnerabilities Report Finds Vulnerability Numbers Remain High with Elevation of Privilege Remaining the #1 Vulnerability Category

By BeyondTrust
James Maude, Director of Research at BeyondTrust

COMPANY NEWS:

  • Elevation of Privilege is the top vulnerability category for the fourth year running, accounting for 40% of all Microsoft vulnerabilities in 2023
  • Total vulnerabilities maintain 4-year holding pattern near record highs

BeyondTrust, the worldwide leader in intelligent identity and access security, today announced the release of the 2024 Microsoft Vulnerabilities Report. Produced annually by BeyondTrust, this report analyses data from security bulletins publicly issued by Microsoft throughout the previous year and provides valuable information to help organisations understand, identify, and address the risks within their Microsoft ecosystems.

Each Microsoft Security Bulletin comprises one or more vulnerabilities, which apply to one or more Microsoft products. Microsoft typically groups vulnerabilities into these main categories: Remote Code Execution (RCE), Elevation of Privilege (EoP), Information Disclosure, Denial of Service (DoS), Spoofing, Tampering, and Security Feature Bypass.

Comprehensive report breaks down CVEs and key shifts in vulnerability trends

This year’s edition of the report also assesses how vulnerabilities are being leveraged in identity-based attacks, spotlighting some of the most significant CVEs of 2023 (9.0+ CVSS severity scores).

Highlights and key findings

Total and critical vulnerabilities demonstrated some of the most consistent data, year over year, since this report’s debut, a strong indicator that overall long-term security efforts are paying off. This may also reflect that attackers are increasingly re-focusing their efforts on exploiting identities, rather than Microsoft software vulnerabilities.

  • After hitting an all-time high in 2022, total vulnerabilities continue their 4-year holding pattern near their highest-ever numbers in 2023, remaining between 1,200 and 1,300 (since 2020).  
  • Elevation of Privilege vulnerability category continues to dominate, accounting for 40% (490) of the total vulnerabilities in 2023.
  • Denial of Service vulnerabilities climbed 51% to hit a record high of 109 in 2023, with Spoofing demonstrating a dramatic 190% increase, from 31 to 90.
  • The total number of critical vulnerabilities continues its downward trend, but slows its descent, dropping by 6% to 84 in 2023 (5 fewer than in 2022).
  • After Microsoft Azure & Dynamics 365 vulnerabilities skyrocketed in 2022, they almost halved in 2023 – down from 114 to 63.
  • Microsoft Edge experienced 249 vulnerabilities in 2023, only one of which was critical.
  • There were 522 Windows vulnerabilities in 2023, 55 of which were critical.
  • Microsoft Office experienced 62 vulnerabilities in 2023.
  • Windows Server category had 558 vulnerabilities in 2023, 57 of which were critical.

“This report continues to highlight the need to keep improving security, not only at Microsoft, but also for all organisations who are looking to better manage cyber risks in the context of an evolving threat landscape,” said James Maude, Director of Research at BeyondTrust. “This year’s report was a prime illustration of the modern identity threat landscape. The continued domination of Elevation of Privilege as the most common category of vulnerability, and the identity crisis highlighted at the end of the report, underscore the importance of privilege and the timeless security concept of least privilege. It also emboldens BeyondTrust’s mission to provide the broadest level of visibility and protection of paths to privilege.”

Detailed analysis predicts the future of Microsoft vulnerabilities

Despite overall stability in the Microsoft vulnerabilities data, the report’s analysis of critical vulnerabilities and innovative threat tactics predicts that now is not the time to get complacent:

  • Vulnerabilities and unpatched systems will continue to provide threat actors a means of attack.
  • Expanding Microsoft technologies will continue to introduce new attack surfaces.
  • Novel vulnerabilities will continue to emerge as threat actors uncover innovative pathways through Microsoft’s systems.
  • Investments in research and security practices will continue to shift the way threat actors gain their foothold, as it becomes easier to steal an identity to gain access than to exploit a vulnerability.

Despite predicting an increase in the volume and sophistication of identity-based attacks, this year’s report shows once again that long-standing, foundational security principles like least privilege will continue to offer the best line of defence - even against modern threats - and that the organisations who successfully pair preventative security controls with threat detection and response will continue to be much better poised to withstand tomorrow’s threats.

The 2024 Microsoft Vulnerabilities Report can be found here: https://www.beyondtrust.com/resources/whitepapers/microsoft-vulnerability-report
