Intelligent CISO Issue 74 | Page 23

infographic

• There were 522 Windows vulnerabilities in 2023, 55 of which were critical.
• Microsoft Office experienced 62 vulnerabilities in 2023.
• The Windows Server category had 558 vulnerabilities in 2023, 57 of which were critical.
“This report continues to highlight the need to keep improving security, not only at Microsoft, but also for all organisations who are looking to better manage cyber risks in the context of an evolving threat landscape,” said James Maude, Director of Research, BeyondTrust. “This year’s report was a prime illustration of the modern identity threat landscape. The continued domination of Elevation of Privilege as the most common category of vulnerability and the identity crisis highlighted at the end of the report, underscore the importance of privilege and the timeless security concept of least privilege.
“It also emboldens BeyondTrust’s mission to provide the broadest level of visibility and protection of paths to privilege,” added Maude.
Despite overall stability in the Microsoft vulnerabilities data, the report’s analysis of critical vulnerabilities and innovative threat tactics predicts that now is not the time to get complacent:
• Vulnerabilities and unpatched systems will continue to provide threat actors a means of attack.
• Expanding Microsoft technologies will continue to introduce new attack surfaces.
• Novel vulnerabilities will continue to emerge as threat actors uncover innovative pathways through Microsoft’s systems.
• Investments in research and security practices will continue to shift the way threat actors gain their foothold, as it becomes easier to steal an identity to gain access than to exploit a vulnerability.
Despite predicting an increase in the volume and sophistication of identity-based attacks, the report shows once again that long-standing, foundational security principles like least privilege will continue to offer the best line of defence – even against modern threats – and the organisations that successfully pair preventative security controls with threat detection and response will continue to be much better poised to withstand tomorrow’s threats.