Intelligent CIO North America Issue 47 | Page 28

INFOGRAPHIC

BeyondTrust’s annual Microsoft Vulnerabilities Report finds vulnerability numbers remain high

Elevation of Privilege is the top vulnerability category for the fourth year running, accounting for 40% of all Microsoft vulnerabilities in 2023.

BeyondTrust has released its 2024 Microsoft Vulnerabilities Report. Produced annually by BeyondTrust, this report analyses data from security bulletins publicly issued by Microsoft throughout the previous year and provides valuable information to help organisations understand, identify and address the risks within their Microsoft ecosystems.

Each Microsoft Security Bulletin is comprised of one or more vulnerabilities, which apply to one or more Microsoft products. Microsoft typically groups vulnerabilities into these main categories: Remote Code Execution (RCE), Elevation of Privilege (EoP), Information Disclosure, Denial of Service (DDoS), Spoofing, Tampering and Security Feature Bypass.

This year’s edition of the report also assesses how vulnerabilities are being leveraged in identity-based attacks, spotlighting some of the most significant CVEs of 2023 (9.0+ CVSS severity scores).

Highlights and key findings

Total and critical vulnerabilities demonstrated some of the most consistent data, year over year, since this report’s debut, a strong indicator that overall long-term security efforts are paying off.

This may also reflect that attackers are increasingly re-focusing their efforts on exploiting identities, rather than Microsoft software vulnerabilities.

• After hitting an all-time high in 2022, total vulnerabilities continue their 4-year holding pattern near their highest-ever numbers in 2023, remaining between 1,200 and 1,300 (since 2020).
• Elevation of Privilege vulnerability category continues to dominate, accounting for 40% (490) of the total vulnerabilities in 2023.
• Denial of Service vulnerabilities climbed 51% to hit a record high of 109 in 2023, with Spoofing