Intelligent CISO Issue 74 | Page 22

infographic

BEYONDTRUST'S ANNUAL MICROSOFT VULNERABILITIES REPORT FINDS VULNERABILITY NUMBERS REMAIN HIGH

Elevation of Privilege is the top vulnerability category for the fourth year running, accounting for 40% of all Microsoft vulnerabilities in 2023.

Produced annually by BeyondTrust, the latest 2024 Microsoft Vulnerabilities Report analyses data from security bulletins publicly issued by Microsoft throughout the previous year and provides valuable information to help organisations understand, identify and address the risks within their Microsoft ecosystems.

Each Microsoft Security Bulletin comprises one or more vulnerabilities, each of which applies to one or more Microsoft products. Microsoft typically groups vulnerabilities into these main categories: Remote Code Execution (RCE), Elevation of Privilege (EoP), Information Disclosure, Denial of Service (DoS), Spoofing, Tampering and Security Feature Bypass.
This year's edition of the report also assesses how vulnerabilities are being leveraged in identity-based attacks, spotlighting some of the most significant CVEs of 2023 (those with CVSS scores of 9.0 or higher).
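The breakdown the report builds (vulnerabilities per category, their share of the total, and which ones clear the 9.0 CVSS bar) can be reproduced from the CVRF XML that Microsoft publishes for each month's bulletins. The script below is an added example and is not code from the report or from BeyondTrust; the sample document it parses is constructed, with placeholder CVE ids, product ids and scores, and the assumption is that the elements it reads (vuln:CVE, vuln:Threat Type="Impact", vuln:ProductStatuses, vuln:CVSSScoreSets) mirror the layout of a real CVRF export. It also handles two things a real feed contains: a vulnerability listed against several products with one score set per product (take the highest base score), and an entry with no CVSS score at all (never counted as critical).

```python
"""Tally vulnerabilities by impact category and flag CVSS >= 9.0 entries from
a CVRF-style document. Added example; the XML below is constructed, not real
Microsoft data, and the element paths are an assumption about the CVRF layout."""
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"vuln": "http://www.icasi.org/CVRF/schema/vuln/1.1"}
CRITICAL_CVSS = 9.0  # the report's cutoff for its "most significant" CVEs

# Constructed sample: four vulnerabilities, placeholder ids and scores.
SAMPLE_CVRF = """<?xml version="1.0" encoding="utf-8"?>
<cvrf:cvrfdoc xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1"
              xmlns:vuln="http://www.icasi.org/CVRF/schema/vuln/1.1">
  <vuln:Vulnerability Ordinal="1">
    <vuln:CVE>CVE-0000-0001</vuln:CVE>
    <vuln:ProductStatuses><vuln:Status Type="Known Affected">
      <vuln:ProductID>prod-A</vuln:ProductID><vuln:ProductID>prod-B</vuln:ProductID>
    </vuln:Status></vuln:ProductStatuses>
    <vuln:Threats><vuln:Threat Type="Impact"><vuln:Description>Elevation of Privilege</vuln:Description></vuln:Threat></vuln:Threats>
    <vuln:CVSSScoreSets><vuln:ScoreSet><vuln:BaseScore>7.8</vuln:BaseScore></vuln:ScoreSet></vuln:CVSSScoreSets>
  </vuln:Vulnerability>
  <vuln:Vulnerability Ordinal="2">
    <vuln:CVE>CVE-0000-0002</vuln:CVE>
    <vuln:ProductStatuses><vuln:Status Type="Known Affected">
      <vuln:ProductID>prod-C</vuln:ProductID>
    </vuln:Status></vuln:ProductStatuses>
    <vuln:Threats><vuln:Threat Type="Impact"><vuln:Description>Remote Code Execution</vuln:Description></vuln:Threat></vuln:Threats>
    <vuln:CVSSScoreSets><vuln:ScoreSet><vuln:BaseScore>9.8</vuln:BaseScore></vuln:ScoreSet>
      <vuln:ScoreSet><vuln:BaseScore>8.8</vuln:BaseScore></vuln:ScoreSet></vuln:CVSSScoreSets>
  </vuln:Vulnerability>
  <vuln:Vulnerability Ordinal="3">
    <vuln:CVE>CVE-0000-0003</vuln:CVE>
    <vuln:ProductStatuses><vuln:Status Type="Known Affected">
      <vuln:ProductID>prod-A</vuln:ProductID>
    </vuln:Status></vuln:ProductStatuses>
    <vuln:Threats><vuln:Threat Type="Impact"><vuln:Description>Denial of Service</vuln:Description></vuln:Threat></vuln:Threats>
  </vuln:Vulnerability>
  <vuln:Vulnerability Ordinal="4">
    <vuln:CVE>CVE-0000-0004</vuln:CVE>
    <vuln:ProductStatuses><vuln:Status Type="Known Affected">
      <vuln:ProductID>prod-B</vuln:ProductID>
    </vuln:Status></vuln:ProductStatuses>
    <vuln:Threats><vuln:Threat Type="Impact"><vuln:Description>Elevation of Privilege</vuln:Description></vuln:Threat></vuln:Threats>
    <vuln:CVSSScoreSets><vuln:ScoreSet><vuln:BaseScore>9.0</vuln:BaseScore></vuln:ScoreSet></vuln:CVSSScoreSets>
  </vuln:Vulnerability>
</cvrf:cvrfdoc>"""


def parse_cvrf(xml_text):
    """Return one record per vulnerability: CVE, impact category, affected
    product ids and the highest CVSS base score (None when no score is given)."""
    root = ET.fromstring(xml_text)
    records = []
    for v in root.findall("vuln:Vulnerability", NS):
        cve = v.findtext("vuln:CVE", default="", namespaces=NS)
        impact = v.findtext("vuln:Threats/vuln:Threat[@Type='Impact']/vuln:Description",
                            default="Unknown", namespaces=NS)
        products = [p.text for p in v.findall(
            "vuln:ProductStatuses/vuln:Status[@Type='Known Affected']/vuln:ProductID", NS)]
        scores = [float(s.text) for s in v.findall(
            "vuln:CVSSScoreSets/vuln:ScoreSet/vuln:BaseScore", NS)]
        records.append({"cve": cve, "category": impact.strip(), "products": products,
                        "cvss": max(scores) if scores else None})
    return records


def summarize(records):
    """Count per category, compute each category's share, list critical CVEs."""
    total = len(records)
    by_category = Counter(r["category"] for r in records)
    shares = {c: round(100 * n / total, 1) for c, n in by_category.items()} if total else {}
    critical = sorted(r["cve"] for r in records
                      if r["cvss"] is not None and r["cvss"] >= CRITICAL_CVSS)
    return {"total": total, "by_category": by_category, "shares": shares, "critical": critical}


def percent_change(previous, current):
    """Year-over-year change, rounded the way the report quotes it."""
    return round(100 * (current - previous) / previous)


if __name__ == "__main__":
    summary = summarize(parse_cvrf(SAMPLE_CVRF))
    for cat, n in summary["by_category"].most_common():
        print(f"{cat:<24}{n:>3}  {summary['shares'][cat]:>5.1f}%")
    print("critical (CVSS >= 9.0):", ", ".join(summary["critical"]))
    print("spoofing 2022->2023 as reported (31 -> 90):", percent_change(31, 90), "%")
```

Two details are easy to get wrong when reproducing the report's numbers: a CVE that spans several products is still one vulnerability (count records, not product rows), and an entry without a score set must not silently become a 0.0 that skews the critical count.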
Highlights and key findings
Total and critical vulnerabilities demonstrated some of the most consistent data, year over year, since this report's debut, a strong indicator that overall long-term security efforts are paying off. This may also reflect that attackers are increasingly refocusing their efforts on exploiting identities, rather than Microsoft software vulnerabilities.
• After hitting an all-time high in 2022, total vulnerabilities continued their four-year holding pattern near their highest-ever numbers in 2023, remaining between 1,200 and 1,300 (as they have since 2020).
• The Elevation of Privilege category continues to dominate, accounting for 40% (490) of the total vulnerabilities in 2023.
• Denial of Service vulnerabilities climbed 51% to hit a record high of 109 in 2023, while Spoofing vulnerabilities rose a dramatic 190%, from 31 to 90.
• The total number of critical vulnerabilities continues its downward trend, but its descent is slowing: it dropped by 6% to 84 in 2023 (five fewer than in 2022).
• After Microsoft Azure and Dynamics 365 vulnerabilities skyrocketed in 2022, they almost halved in 2023, down from 114 to 63.
• Microsoft Edge experienced 249 vulnerabilities in 2023, only one of which was critical.