Most of the high-impact vulnerabilities detailed in the report highlight the risks of on-premises technology, indicating that a shift to the cloud can improve an organisation’s security
BeyondTrust announced the release of the 2022 Microsoft Vulnerabilities Report. The research includes the latest annual breakdown of Microsoft vulnerabilities by category and product and a six-year trend analysis, providing a holistic understanding of the evolving threat landscape. Produced annually by BeyondTrust, and now in its ninth edition, The Microsoft Vulnerabilities Report analyses data from security bulletins publicly issued by Microsoft throughout the previous year.
Microsoft groups vulnerabilities that apply to one or more of their products into the following main categories: Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Tampering, Information Disclosure, Denial of Service, and Spoofing. The findings in this year’s report will help organisations better understand and address risks within the Microsoft ecosystem.
Here are some key highlights from this year’s report:
- For the second year running, Elevation of Privilege was the #1 vulnerability category, accounting for 49 per cent of all vulnerabilities in 2021
- Of the 326 remote code execution vulnerabilities reported in 2021, 35 had a CVSS score of 9.0 or higher
- Most of the high-impact vulnerabilities detailed in the report highlight the risks of on-premises technology, indicating that a shift to the cloud can improve an organisation’s security
- Vulnerabilities in IE and Edge in 2021 were at a record high of 349, roughly 4x higher than in 2020
“Microsoft’s move to the Common Vulnerability Scoring System (CVSS) makes it easier for vulnerabilities to be cross-referenced with third-party applications that leverage affected services. However, this is a trade-off because of the loss of visibility to determine the impact of administrative rights on critical vulnerabilities. What is clear is the continued risk of excessive privileges. With the growing risk of privileged attack vectors caused by cloud deployments, removing admin rights remains a critical step in reducing an organisation’s risk surface. This can be achieved by adopting a least privilege strategy and enabling zero-trust architectures throughout an environment,” said Morey Haber, Chief Security Officer, BeyondTrust.
The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produces a numerical score reflecting a vulnerability’s severity level, from 0 to 10. It’s important to consider that, when scoring vulnerabilities, organisations should not rely exclusively on the vendors’ CVSS Base Score to prioritise risk and remediation plans. End users should apply custom environment metrics to translate the risk to their own organisations. Guidance for this calculation can be found on NIST’s website.
With the consistently high volume of Microsoft vulnerabilities, securing endpoints is more critical than ever. Removing administrative rights is essential for mitigating many of the risks outlined in this report. BeyondTrust Endpoint Privilege Management enables organisations to achieve the least privilege with a solution that deploys quickly and strikes the right balance between security and productivity.
