Microsoft’s security vulnerabilities fall after a five-year rise

The total number of Microsoft vulnerabilities reported in 2021 fell 5%, reversing a five-year trend that saw such vulnerabilities rise sharply, according to a new report from identity management and security vendor BeyondTrust.

A total of 1,212 new vulnerabilities were discovered in 2021, but their severity, as well as their location in the Microsoft software product family, has changed significantly year on year. Vulnerabilities rated “critical” on the CVSS standard have fallen 47% in the past year, reaching the lowest level since BeyondTrust began issuing this report nine years ago.

Vulnerabilities in Windows, Windows Server fall sharply

Both Windows and Windows Server saw sharp reductions in total detected vulnerabilities, 40% and 50% respectively, while vulnerabilities affecting the Microsoft Edge and Internet Explorer browsers reached record highs.

Contributing to the latest analysis is Microsoft’s transition to a common NIST vulnerability scoring system, which allows researchers to cross-reference security flaws more directly with bugs in the external ecosystem.

The most common type of vulnerability seen in 2021 was elevation of privilege, in which an attacker gains administrative rights over a system by illicit means. A total of 588 such vulnerabilities were discovered in 2021. BeyondTrust researchers credit wider uptake of security best practices for this increase: a general decline in the number of users with unnecessary administrative privileges has led attackers to focus their efforts on gaining elevated privileges in a variety of other ways.

Attackers innovate to gain administrative rights

“Without easy access to users with local administrative rights, attackers have begun to innovate to gain elevated privileges that can then be used to compromise systems, steal credentials, and move laterally,” the report said.

Copyright © 2022 IDG Communications, Inc.
