1,200+ Vulnerabilities Detected & Fixed in Microsoft Products in 2023

The Microsoft Vulnerabilities Report analyzed 2023 data and found that total vulnerabilities remained high at around 1,228, similar to the past four years. Elevation of privilege vulnerabilities were the most common (490), and critical vulnerabilities continued to decline (84 in 2023).

It also explores how these vulnerabilities are exploited in identity-based attacks, offers mitigation strategies, and analyzes Microsoft vulnerabilities over a five-year period. 

After a surge in 2020, the total number of vulnerabilities has plateaued at around 1,200-1,300 over the last four years. In 2022, there were 1,292 vulnerabilities, the highest number recorded.

Total Number of Microsoft Vulnerabilities (2019-2023)

This number decreased slightly, by 5%, to 1,228 in 2023. Denial-of-Service and spoofing vulnerabilities saw significant spikes in 2023, with increases of 51% and 190%, respectively, while the number of critical vulnerabilities has been slowly declining.

Microsoft’s security efforts are paying off, as the number of critical vulnerabilities has been steadily decreasing, which is likely due to the retirement of legacy products and security improvements in cloud technologies. 

However, the total number of vulnerabilities is not the only important factor. Critical vulnerabilities are those that can be easily exploited and have a high impact on the confidentiality, integrity, and availability of data.

These vulnerabilities are especially concerning because they can lead to complete compromise of a device or infrastructure without requiring any special access or user interaction.  

Breakdown of Microsoft Vulnerability Categories (2023)

A report by BeyondTrust analyzed vulnerabilities in Microsoft products, finding Elevation of Privilege (EoP) to be the most common type (490), despite a 31% decrease from the previous year. 

Microsoft Vulnerability Categories (2019-2023)

This aligns with common attacker goals of gaining access to sensitive data or performing actions that require higher privileges. The good news is that EoP vulnerabilities in Azure and Windows Server specifically have significantly decreased (86% and 26%, respectively). However, a robust privileged access management strategy is still crucial to prevent attackers from exploiting any remaining vulnerabilities.

A screenshot of the 2023 phishing campaign launched by Russian cybercriminal group RomCom

RomCom, a Russian cybercriminal group, launched a phishing campaign targeting defense and government entities in Europe and North America. The emails contained malicious Office documents that exploited a zero-day vulnerability (CVE-2023-36884) to bypass Mark of the Web (MotW) protections.

Using PowerShell to view the Mark of the Web on a downloaded file.

The vulnerability let attackers use a Windows Search feature to download remote files without MotW flagging them and then execute arbitrary code on the victim’s computer.
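For defenders, the MotW check referred to above can be scripted. The following is an added example, not code from the article or the BeyondTrust report: it reads the `Zone.Identifier` alternate data stream on Office documents in a folder and lists those that carry no MotW. The function name `Get-MotwReport`, the default folder, and the extension list are assumptions chosen for illustration.

```powershell
# Added example: report the Mark of the Web (Zone.Identifier stream) on files in a folder.
# Assumptions: NTFS volume, PowerShell 3.0 or later; Get-MotwReport, the default
# folder and the extension list are illustrative names and values.
function Get-MotwReport {
    param(
        [string]$Path = "$env:USERPROFILE\Downloads",
        [string[]]$Extension = @('.doc', '.docx', '.docm', '.rtf', '.xls', '.xlsx', '.xlsm')
    )

    # ZoneId values Windows writes into the stream (URL security zones).
    $zoneNames = @{ '0' = 'Local machine'; '1' = 'Local intranet'; '2' = 'Trusted sites'
                    '3' = 'Internet';      '4' = 'Restricted sites' }

    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $Extension -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $file = $_
            # MotW is stored in an NTFS alternate data stream named Zone.Identifier.
            $lines = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue

            $fields = @{}
            foreach ($line in $lines) {
                # Stream body is INI-style: [ZoneTransfer], ZoneId=3, HostUrl=...
                if ($line -match '^\s*(\w+)\s*=\s*(.*)$') { $fields[$Matches[1]] = $Matches[2].Trim() }
            }

            $zoneId = $fields['ZoneId']
            [pscustomobject]@{
                File    = $file.FullName
                HasMotw = ($null -ne $lines)
                ZoneId  = $zoneId
                Zone    = if ($zoneId) { $zoneNames[$zoneId] } else { $null }
                HostUrl = $fields['HostUrl']
            }
        }
}

# Documents in a download location with no MotW open without Protected View;
# list them for review.
Get-MotwReport | Where-Object { -not $_.HasMotw } | Format-Table File
```

A missing stream is not proof of compromise, since locally created or copied files also lack it; the report is a starting point for triage.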

As attackers continue to discover new ways to circumvent security measures, this campaign brings attention to the ongoing conflict that exists between attackers and defenders.

Kaaviya
Kaaviya is a Security Editor and fellow reporter with Cyber Press. She is covering various cyber security incidents happening in the Cyber Space.