Intelligent CIO LATAM Issue 36 | Page 24

INFOGRAPHIC

BeyondTrust’s annual Microsoft Vulnerabilities Report finds vulnerability numbers remain high

Elevation of Privilege is the top vulnerability category for the fourth year running, accounting for 40% of all Microsoft vulnerabilities in 2023.

BeyondTrust has released its 2024 Microsoft Vulnerabilities Report.

Produced annually by BeyondTrust, the report analyses the security bulletins Microsoft published during the previous year and provides information to help organisations understand, identify and address the risks within their Microsoft ecosystems.
Each Microsoft security bulletin comprises one or more vulnerabilities, each of which applies to one or more Microsoft products. Microsoft groups vulnerabilities into these main impact categories: Remote Code Execution (RCE), Elevation of Privilege (EoP), Information Disclosure, Denial of Service (DoS), Spoofing, Tampering and Security Feature Bypass.
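The tallying described above is simple to reproduce from a Security Update Guide export. The script below is an added example, not BeyondTrust's own methodology or code: it takes constructed, hypothetical rows in the shape of such an export (one row per CVE and affected product), collapses them to one record per CVE, and computes category shares, critical counts, per-product-family counts and year-over-year change. The product-family figures deliberately overlap, because one CVE that affects both a Windows client and Windows Server is counted in each family; that is why per-product totals such as those later on this page add up to more than the overall count. The product-family mapping and the severity labels are assumptions for the example.

```python
from collections import Counter

# Constructed sample rows (hypothetical CVE identifiers and values) in the shape
# of a Microsoft Security Update Guide export: one row per (CVE, product).
SAMPLE_ROWS = [
    {"cve": "CVE-2023-0001", "year": 2023, "impact": "Elevation of Privilege", "severity": "Important", "product": "Windows 11"},
    {"cve": "CVE-2023-0001", "year": 2023, "impact": "Elevation of Privilege", "severity": "Important", "product": "Windows Server 2022"},
    {"cve": "CVE-2023-0002", "year": 2023, "impact": "Remote Code Execution",  "severity": "Critical",  "product": "Windows Server 2022"},
    {"cve": "CVE-2023-0003", "year": 2023, "impact": "Denial of Service",      "severity": "Important", "product": "Windows 11"},
    {"cve": "CVE-2023-0004", "year": 2023, "impact": "Spoofing",               "severity": "Important", "product": "Microsoft Edge"},
    {"cve": "CVE-2023-0005", "year": 2023, "impact": "Elevation of Privilege", "severity": "Important", "product": "Windows 10"},
    {"cve": "CVE-2023-0006", "year": 2023, "impact": "Spoofing",               "severity": "Important", "product": "Windows 11"},
    {"cve": "CVE-2022-0001", "year": 2022, "impact": "Elevation of Privilege", "severity": "Important", "product": "Windows 10"},
    {"cve": "CVE-2022-0002", "year": 2022, "impact": "Denial of Service",      "severity": "Critical",  "product": "Windows Server 2019"},
    {"cve": "CVE-2022-0002", "year": 2022, "impact": "Denial of Service",      "severity": "Critical",  "product": "Windows 10"},
    {"cve": "CVE-2022-0003", "year": 2022, "impact": "Spoofing",               "severity": "Important", "product": "Microsoft Edge"},
]

# Assumed grouping of products into the families used for reporting.
PRODUCT_FAMILIES = {
    "Windows": {"Windows 10", "Windows 11"},
    "Windows Server": {"Windows Server 2019", "Windows Server 2022"},
    "Microsoft Edge": {"Microsoft Edge"},
}


def dedupe(rows, year):
    """Collapse per-product rows into one record per CVE for the given year."""
    by_cve = {}
    for r in rows:
        if r["year"] != year:
            continue
        rec = by_cve.setdefault(
            r["cve"], {"impact": r["impact"], "severity": r["severity"], "products": set()}
        )
        rec["products"].add(r["product"])
    return by_cve


def category_counts(rows, year):
    """Return ({category: (count, percent_of_total)}, total_unique_cves)."""
    cves = dedupe(rows, year)
    total = len(cves)
    counts = Counter(rec["impact"] for rec in cves.values())
    return {cat: (n, round(100 * n / total)) for cat, n in counts.items()}, total


def critical_count(rows, year):
    """Number of unique CVEs rated Critical in the given year."""
    return sum(1 for rec in dedupe(rows, year).values() if rec["severity"] == "Critical")


def product_family_counts(rows, year):
    """Return {family: (cve_count, critical_count)}.

    A CVE affecting products in several families is counted once in each,
    so these numbers overlap and can sum to more than the unique total.
    """
    cves = dedupe(rows, year)
    out = {}
    for family, products in PRODUCT_FAMILIES.items():
        hits = [rec for rec in cves.values() if rec["products"] & products]
        out[family] = (len(hits), sum(1 for rec in hits if rec["severity"] == "Critical"))
    return out


def yoy_change(rows, category, year):
    """Percent change in a category's count versus the previous year (None if no baseline)."""
    prev = category_counts(rows, year - 1)[0].get(category, (0, 0))[0]
    cur = category_counts(rows, year)[0].get(category, (0, 0))[0]
    if prev == 0:
        return None
    return round(100 * (cur - prev) / prev)


if __name__ == "__main__":
    counts, total = category_counts(SAMPLE_ROWS, 2023)
    print(f"{total} unique CVEs in 2023, {critical_count(SAMPLE_ROWS, 2023)} critical")
    for cat, (n, pct) in sorted(counts.items(), key=lambda kv: -kv[1][0]):
        print(f"  {cat:<24} {n:>3}  ({pct}%)  YoY: {yoy_change(SAMPLE_ROWS, cat, 2023)}")
    for family, (n, crit) in product_family_counts(SAMPLE_ROWS, 2023).items():
        print(f"  {family:<24} {n:>3} CVEs, {crit} critical")
```

Run against a real export, the only change needed is loading the rows from the CSV or the MSRC API and extending the product-family mapping; the deduplication step is what keeps a CVE that ships in a dozen product rows from inflating the category totals.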
This year’s edition of the report also assesses how vulnerabilities are being leveraged in identity-based attacks, spotlighting some of the most significant CVEs of 2023 (those with CVSS severity scores of 9.0 or higher).
Highlights and key findings
Total and critical vulnerability counts have been among the most consistent figures year over year since the report’s debut, which the report reads as a strong indicator that long-term security efforts are paying off. It may also reflect that attackers are increasingly refocusing on exploiting identities rather than Microsoft software vulnerabilities.
• After hitting an all-time high in 2022, total vulnerabilities continued their four-year holding pattern near record levels in 2023, remaining between 1,200 and 1,300 every year since 2020.
• The Elevation of Privilege category continues to dominate, accounting for 40% (490) of all vulnerabilities in 2023.
• Denial of Service vulnerabilities climbed 51% to a record high of 109 in 2023, and Spoofing rose 190%, from 31 to 90.
• The total number of critical vulnerabilities continued its downward trend, but more slowly, dropping 6% to 84 in 2023 (five fewer than in 2022).
• After Microsoft Azure and Dynamics 365 vulnerabilities skyrocketed in 2022, they almost halved in 2023, down from 114 to 63.
• Microsoft Edge had 249 vulnerabilities in 2023, only one of which was critical.
• There were 522 Windows vulnerabilities in 2023, 55 of which were critical.
• Microsoft Office had 62 vulnerabilities in 2023.
• The Windows Server category had 558 vulnerabilities in 2023, 57 of which were critical.
“This report continues to highlight the need to keep improving security, not only at Microsoft, but also for all organisations who are looking to better manage cyber risks in the context of an evolving threat landscape,” said James Maude, Director of Research, BeyondTrust. “This year’s report was a prime illustration of the modern identity threat landscape. The continued domination of Elevation of Privilege as the most common category of vulnerability and the identity crisis highlighted at the end of the report, underscore
24 | INTELLIGENTCIO LATAM | www.intelligentcio.com