Intelligent CIO APAC Issue 48 | Page 29

INFOGRAPHIC

demonstrating a dramatic 190% increase, from 31 to 90.
• The total number of critical vulnerabilities continues its downward trend, but slows its descent, dropping by 6% to 84 in 2023 (5 fewer than in 2022).
• After Microsoft Azure and Dynamics 365 vulnerabilities skyrocketed in 2022, they almost halved in 2023 – down from 114 to 63.
• Microsoft Edge experienced 249 vulnerabilities in 2023, only one of which was critical.
• There were 522 Windows vulnerabilities in 2023, 55 of which were critical.
• Microsoft Office experienced 62 vulnerabilities in 2023.
• The Windows Server category had 558 vulnerabilities in 2023, 57 of which were critical.
“This report continues to highlight the need to keep improving security, not only at Microsoft, but also for all organisations who are looking to better manage cyber risks in the context of an evolving threat landscape,” said James Maude, Director of Research, BeyondTrust. “This year’s report was a prime illustration of the modern identity threat landscape. The continued domination of Elevation of Privilege as the most common category of vulnerability and the identity crisis highlighted at the end of the report, underscore the importance of privilege and the timeless security concept of least privilege. It also emboldens BeyondTrust’s mission to provide the broadest level of visibility and protection of paths to privilege.”
Despite overall stability in the Microsoft vulnerabilities data, the report’s analysis of critical vulnerabilities and innovative threat tactics predicts that now is not the time to get complacent:
• Vulnerabilities and unpatched systems will continue to provide threat actors with a means of attack.
• Expanding Microsoft technologies will continue to introduce new attack surfaces.
• Novel vulnerabilities will continue to emerge as threat actors uncover innovative pathways through Microsoft’s systems.
• Investments in research and security practices will continue to shift the way threat actors gain their foothold, as it becomes easier to steal an identity to gain access than to exploit a vulnerability.
Despite predicting an increase in the volume and sophistication of identity-based attacks, this year’s report shows once again that long-standing, foundational security principles like least privilege will continue to offer the best line of defence – even against modern threats – and that the organisations that successfully pair preventative security controls with threat detection and response will continue to be much better poised to withstand tomorrow’s threats.