5% Reduction in Microsoft Security Vulnerabilities in 2023

According to BeyondTrust’s annual Microsoft Vulnerabilities report, the number of Microsoft vulnerabilities in 2023 remained mostly stable compared to previous years. Elevation of privilege vulnerabilities and identity attacks were particularly common. The report analyzed the most significant CVEs of 2023 and Microsoft’s vulnerability data from monthly Patch Tuesday bulletins, providing vulnerability trends and tips to reduce identity attacks.

In total, Microsoft reported 1,228 vulnerabilities in 2023, slightly lower than the previous year’s 1,292. The number of critical vulnerabilities also decreased, with 84 critical Microsoft vulnerabilities in 2023 compared to 89 in 2022 and a high of 196 in 2020. BeyondTrust noted that not all vulnerabilities pose significant risks, but some could be damaging if exploited.

The most common types of vulnerabilities in 2023 were elevation of privilege, remote code execution, information disclosure, denial of service, spoofing, security feature bypass, and tampering. Identity-based infiltration techniques have become a focus for threat actors. To address this, defenders should prioritize privileges, identity hygiene, and identity threat detection.

The decreasing number of vulnerabilities in Microsoft products can be attributed to factors such as refresh cycles, improved security efforts by Microsoft, matured cloud technologies, increased collaboration with the security research community, and lockdown of exploitable features in Office applications.
