Security News > 2024 > April > BeyondTrust Report: Microsoft Security Vulnerabilities Decreased by 5% in 2023

The number of Microsoft vulnerabilities has mostly flattened in 2023, with elevation of privilege and identity attacks being particularly common, according to BeyondTrust's annual Microsoft Vulnerabilities report.

The total number of Microsoft vulnerabilities has remained mostly steady for the past four years, with a slight dip in 2023 from 1,292 to 1,228 reported vulnerabilities.

33 Microsoft vulnerabilities from 2023 were classified as critical in NIST's scoring system, but Microsoft itself classified 84 vulnerabilities in 2023 as critical.

Microsoft's classification system still reflects the overall trend of a slight decrease in vulnerabilities year-over-year, showing a decrease in severe vulnerabilities by 6%. BeyondTrust noted that not all recorded Microsoft vulnerabilities pose significant risk; some are mostly theoretical or would have minimal impact even if they were exploited.

"As the overall number of Microsoft vulnerabilities stabilizes and the number of critical vulnerabilities decreases, we see that attackers, much like water, will flow to the path of least resistance and focus much more of their attention on identities," the report stated.

BeyondTrust attributed some of the success in decreasing vulnerabilities to Microsoft's increased collaboration with its security research community.

News URL

https://www.techrepublic.com/article/beyondtrust-microsoft-vulnerabilities-report/