A new report on Microsoft vulnerabilities shows that 2021 saw a 47 percent decrease in critical vulnerabilities, marking the lowest total since the report began.
The 2022 Microsoft Vulnerabilities Report from BeyondTrust also reveals that for the second year running, elevation of privilege was the #1 vulnerability category, accounting for 49 percent of all vulnerabilities.
Microsoft groups vulnerabilities that apply to one or more of their products into seven main categories: Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Tampering, Information Disclosure, Denial of Service, and Spoofing. The report aims to help organizations better understand and address risks within the Microsoft ecosystem.
Among the findings, of the 326 remote code execution vulnerabilities reported in 2021, 35 had a CVSS score of 9.0 or higher. Most of the high-impact vulnerabilities detailed in the report highlight the risks of on-premises technology, suggesting that a shift to the cloud can help improve an organization’s security.
Vulnerabilities in IE and Edge also reached a record high of 349 last year, roughly four times higher than in 2020.
“Microsoft’s move to the Common Vulnerability Scoring System (CVSS) now makes it easier for vulnerabilities to be cross-referenced with third-party applications that leverage affected services,” says Morey Haber, chief security officer at BeyondTrust. “However, this is a trade-off because of the loss of visibility to determine the impact of administrative rights on critical vulnerabilities. What is clear is the continued risk of excessive privileges. With the growing risk of privileged attack vectors caused by cloud deployments, the removal of admin rights remains a critical step to reduce an organization’s risk surface. This can be achieved by adopting a least privilege strategy and enabling zero-trust architectures throughout an environment.”
You can get the full report from the BeyondTrust site and there’s an infographic summary of the findings below.