Incredible: Microsoft revealed 1,292 vulnerabilities in a single year! Details on this historic record


Alexander Boero

July 17, 2023 at 5:40 p.m.


Microsoft cybersecurity © DALL-E for Clubic


The total number of Microsoft vulnerabilities broke records, with 1,292 vulnerabilities detected, a sign that the level of threat and impact has reached its highest point.

BeyondTrust, the company specializing in intelligent identity and access security management, returns this week to one of the key figures of this first part of the year, namely the total number of Microsoft vulnerabilities revealed for the year 2022 alone. And it is colossal, since the Windows firm has counted 1,292 flaws. This figure comes from the Microsoft Vulnerability Report and is the highest ever recorded by BeyondTrust, which is publishing its study on the vulnerabilities of the American giant for the tenth year. How should we interpret this number?

Escalation of privilege attacks at Microsoft in 2022

Beyond the relatively impressive mass of flaws detected, it is more the level of threat and the potential impact of each vulnerability that worry the experts. Let's first remember that when disclosing its vulnerabilities, Microsoft, which presents new flaws with a batch of patches during the traditional Patch Tuesday, groups them into several categories:

  • remote code execution;
  • elevation of privilege;
  • security feature bypass;
  • tampering;
  • information disclosure;
  • denial of service (DoS);
  • and spoofing.

Elevation of privilege is the leading vulnerability category at Microsoft for the third consecutive year. These attacks, which allow an attacker to gain unauthorized privileged access to a system, can cause major damage, including ransomware. They alone account for 55% of the vulnerabilities identified in 2022 by Microsoft, i.e. 715 in total.


Vulnerabilities have been increasing steadily for 10 years

Do you know what Microsoft Azure and Dynamics 365 have in common? Two things: they are the two products that generate the most revenue within the American company, and they are also among those with the most vulnerabilities. Their vulnerabilities increased by 159% between 2021 and 2022, going from 44 to 114. The Microsoft Edge browser was associated with 311 vulnerabilities, including 49 critical.

Beyond that, critical flaws account for 6.9% of the Microsoft vulnerabilities detected in 2022, a proportion fortunately lower than in the past (44% in 2013). The signal is also positive on the side of the Office suite, for which vulnerabilities are at their lowest for 5 years, with only 36 flaws last year.

"For 10 years we have witnessed the increase in the high number of Microsoft vulnerabilities," says James Maude, Lead Security Researcher at BeyondTrust. If flaws have been on the rise for 10 years, not everything is negative, as we said. There is even a glimmer of hope, according to the cyber company: "Establishing the principle of least privilege is proving just as effective for today's cloud systems and IoT devices as it was for earlier systems, some of which are still in use."


