Security News > 2024 > April > BeyondTrust Report: Microsoft Security Vulnerabilities Decreased by 5% in 2023
The number of Microsoft vulnerabilities has mostly flattened in 2023, with elevation of privilege and identity attacks being particularly common, according to BeyondTrust's annual Microsoft Vulnerabilities report.
The total number of Microsoft vulnerabilities has remained mostly steady for the past four years, with a slight dip in 2023 from 1,292 to 1,228 reported vulnerabilities.
33 Microsoft vulnerabilities from 2023 were classified as critical in NIST's scoring system, but Microsoft itself classified 84 vulnerabilities in 2023 as critical.
Microsoft's classification system still reflects the overall trend of a slight decrease in vulnerabilities year-over-year, showing a decrease in severe vulnerabilities by 6%. BeyondTrust noted that not all recorded Microsoft vulnerabilities pose significant risk; some are mostly theoretical or would have minimal impact even if they were exploited.
"As the overall number of Microsoft vulnerabilities stabilizes and the number of critical vulnerabilities decreases, we see that attackers, much like water, will flow to the path of least resistance and focus much more of their attention on identities," the report stated.
BeyondTrust attributed some of the success in decreasing vulnerabilities to Microsoft's increased collaboration with its security research community.
News URL
https://www.techrepublic.com/article/beyondtrust-microsoft-vulnerabilities-report/
Related news
- Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws (source)
- Microsoft Copilot for Security prepares for April liftoff (source)
- Microsoft’s Security Copilot Enters General Availability (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Google Cloud/Cloud Security Alliance Report: IT and Security Pros Are ‘Cautiously Optimistic’ About AI (source)
- Ivanti vows to transform its security operating model, reveals new vulnerabilities (source)
- Microsoft fixes Outlook security alerts bug caused by December updates (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)