The total number of Microsoft vulnerabilities reported in 2021 fell 5%, reversing a five-year trend that had seen such vulnerabilities rise sharply, according to a new report from identity management and security vendor BeyondTrust.
A total of 1,212 new vulnerabilities were discovered in 2021, but their severity, as well as their distribution across the Microsoft product family, has changed significantly year on year. Vulnerabilities with a “critical” rating on the CVSS scale fell 47% in the past year, reaching the lowest level since BeyondTrust began issuing this report nine years ago.
Windows and Windows Server vulnerabilities plunge
Both Windows and Windows Server saw sharp reductions in the total detected vulnerabilities, 40% and 50%, respectively, with vulnerabilities affecting Microsoft Edge and Internet Explorer browsers reaching record highs.
Contributing to the latest analysis is Microsoft’s transition to the common NIST vulnerability scoring system, which allows researchers to cross-reference security flaws more directly with bugs in the wider software ecosystem.
The most common type of vulnerability seen in 2021 was elevation of privilege, in which an attacker gains administrative rights over a system by illicit means. A total of 588 such vulnerabilities were discovered in 2021. BeyondTrust researchers credit wider uptake of security best practices for this increase: a general decline in the number of users holding unnecessary administrative privileges has pushed bad actors to focus their efforts on gaining elevated privileges in a variety of other ways.
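The practice the report credits here, removing administrative rights from users who do not need them, is only as good as the check that keeps it that way. The following PowerShell audit is an added example and is not code from the article or from BeyondTrust; it compares the local Administrators group on a Windows host against an allowlist and reports any member outside it. The allowlist entries and the domain name CONTOSO are assumptions for illustration.

```powershell
# Added example (not from the article or the BeyondTrust report): report local
# Administrators members that are not on a documented allowlist, so that accounts
# holding admin rights without a business need can be found and removed.

function Get-UnapprovedLocalAdmins {
    param(
        # Hypothetical allowlist: the built-in Administrator plus one domain group.
        [string[]] $Approved = @('Administrator', 'CONTOSO\Workstation Admins')
    )

    # Get-LocalGroupMember (Microsoft.PowerShell.LocalAccounts) returns each
    # member's Name (e.g. 'CONTOSO\jdoe'), ObjectClass (User/Group) and
    # PrincipalSource (Local/ActiveDirectory/AzureAD).
    $members = Get-LocalGroupMember -Group 'Administrators'

    # Compare on the short name so 'HOSTNAME\Administrator' matches 'Administrator'.
    $members | Where-Object {
        $short = ($_.Name -split '\\')[-1]
        ($Approved -notcontains $_.Name) -and ($Approved -notcontains $short)
    }
}

$unexpected = Get-UnapprovedLocalAdmins
if ($unexpected) {
    Write-Output "Accounts with admin rights outside the allowlist on $env:COMPUTERNAME:"
    $unexpected | Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize
} else {
    Write-Output "Local Administrators membership on $env:COMPUTERNAME matches the allowlist."
}
```

Run it on a schedule from a management host or as part of a configuration baseline; anything it prints is a candidate for removal with Remove-LocalGroupMember, or for a ticket if the access turns out to be justified and should be added to the allowlist instead.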
Attackers innovate to gain administrative rights
“Without easy access to users with local administrative rights, attackers have begun to innovate to gain elevated privileges that can then be used to compromise systems, steal credentials, and move laterally,” the report said.
The second most common type of vulnerability was remote code execution, which is extremely dangerous because attacks targeting such flaws can be carried out remotely, with little or no user interaction required. A total of 326 of these vulnerabilities were detected in 2021, 35 of which were rated 9.0 or higher on the CVSS scale.
“With this type of risk, workable exploitation is not a question of ‘whether there is exploitation,’ but ‘when will it be publicly available,’” the BeyondTrust report said.
The report also broke down vulnerabilities by key Microsoft products, including Azure, Windows, and Microsoft Office. The latter had only one critical vulnerability out of a total of 66 reported in 2021, while the corresponding figures for Azure and Dynamics 365 were seven and 44, respectively.
BeyondTrust researchers praised Microsoft’s consistent efforts to keep Azure secure, and called for a “steady reduction” in Office vulnerabilities. Similarly, total Windows operating system vulnerabilities decreased by 40% in 2021 compared to the previous year, with critical security flaws falling by 50%.
Copyright © 2022 IDG Communications, Inc.
Microsoft’s security vulnerabilities fall after a five-year rise