Connect with us

Hi, what are you looking for?

Brand

Microsoft Turns The Tide And Counters Security Vulnerabilities

Both Microsoft windows servers and Windows witnessed a sharp decline in the total number of vulnerabilities by 50% and 40% respectively.

Microsoft Turns The Tide And Counters Security Vulnerabilities

Reports by security providers and identity management firm Beyond Trust indicate a reversal in the rise of vulnerabilities in Microsoft. The number of vulnerabilities found in Microsoft dipped by 5%. 

In 2021, around 1212 vulnerabilities were identified in the Microsoft line of software products. However, their intensity and locality have kept changing. There was a 47% drop in CVSS standard “critical” vulnerabilities compared to last year. 

Both windows servers and Windows witnessed a sharp decline in the total number of vulnerabilities by 50% and 40% respectively. On the flip side, the vulnerabilities present in Internet Explorer and Microsoft Edge have gone up to record levels. 

The most prevalent vulnerability in 2021 was privilege elevation. This would grant admin access and rights of a system to the attacker, who gains through illegal means. Around 588 privilege elevation vulnerabilities were identified in 2021. 

One of the main reasons for this rise is due to focus on correct security practices. Since customers using unnecessary privileges for admins have gone down, attackers are finding new and innovative ways to get privilege elevation. 

After privilege elevation, the second most prevalent form of vulnerability is related to the execution of remote code. This is even more dangerous since it can be controlled remotely, without the need for user interaction. 

Microsoft products such as Microsoft Office, Windows, and Azure also have a fair share of vulnerabilities according to the BeyondTrust report. 

Researchers from BeyondTrust also lauded the persistent efforts by Microsoft to protect Azure and to steadily decline the vulnerabilities in Office.

Click to comment

Leave a Reply

Your email address will not be published.