BeyondTrust announced the release of the 2021 Microsoft Vulnerabilities Report. The research includes the latest annual breakdown of Microsoft vulnerabilities by category and product, as well as a five-year trend analysis, providing a holistic understanding of the evolving threat landscape. The report, produced annually by BeyondTrust, analyzes the data from security bulletins publicly issued by Microsoft throughout the previous year.
Approximately 1.5 billion people use Windows operating systems each day, with various applications for Microsoft’s products reaching into homes, businesses, and entertainment venues. The data in this report provides a crucial barometer of the threat landscape for the Microsoft ecosystem.
Now in its eighth edition, this year’s report identified the following highlights:
o In 2020, a record high of 1,268 Microsoft vulnerabilities were discovered, a 48% increase year over year
o The number of reported vulnerabilities has risen an astonishing 181% in the last five years (2016-2020)
o Removing admin rights from endpoints would mitigate 56% of all Critical Microsoft vulnerabilities in 2020
o For the first time, “Elevation of Privilege” was the #1 vulnerability category, comprising 44% of the total, nearly three times more than in the previous year
o 87% of Critical vulnerabilities in Internet Explorer and Microsoft Edge would have been mitigated by removing admin rights
o 70% of Critical vulnerabilities affecting Windows 7, Windows RT, 8/8.1 and 10 would have been mitigated by removing admin rights
o 80% of Critical vulnerabilities in all Office products (Excel, Word, PowerPoint, Visio, Publisher, and others) would have been mitigated by removing admin rights
o 66% of Critical vulnerabilities affecting Windows Servers would have been mitigated by removing admin rights
“The sheer fact that patching must always occur is a cybersecurity basic,” said Morey Haber, Chief Technology Officer & Chief Information Security Officer at BeyondTrust. “However, deflecting an attack with good cybersecurity policies like the removal of administrative rights ultimately makes the environment, and home workers, even more secure. And, most importantly, honouring least privilege can buy your organization time to patch when critical vulnerabilities are published.”