Intelligent CIO LATAM Issue 39 | Page 56

INTELLIGENT BRANDS // Enterprise Security

Elevation of Privilege accounted for 40% of all Microsoft vulnerabilities in 2023

BeyondTrust’s 2024 annual Microsoft Vulnerabilities Report pitched as a ‘prime illustration’ of the modern identity threat landscape.

BeyondTrust’s 2024 Microsoft Vulnerabilities Report shows that after hitting an all-time high in 2022, total vulnerabilities continue their 4-year holding pattern near their highest-ever numbers in 2023, remaining between 1,200 and 1,300 (since 2020).

The Elevation of Privilege vulnerability category continues to dominate, accounting for 40% (490) of the total vulnerabilities in 2023.
Denial of Service vulnerabilities climbed 51% to hit a record high of 109 in 2023, with Spoofing demonstrating a dramatic 190% increase – from 31 to 90.
The total number of critical vulnerabilities continues its downward trend, but slows its descent, dropping by 6% to 84 in 2023 (5 fewer than in 2022).
Other findings include:
• After Microsoft Azure & Dynamics 365 vulnerabilities skyrocketed in 2022, they almost halved in 2023 – down from 114 to 63.
• Microsoft Edge experienced 249 vulnerabilities in 2023, only one of which was critical.
• There were 522 Windows vulnerabilities in 2023, 55 of which were critical.
• Microsoft Office experienced 62 vulnerabilities in 2023.
• Windows Server category had 558 vulnerabilities in 2023, 57 of which were critical.
“This report continues to highlight the need to keep improving security, not only at Microsoft, but also for all organisations who are looking to better manage cyber risks in the context of an evolving threat landscape,” said James Maude, Director of Research, BeyondTrust.
“This year’s report was a prime illustration of the modern identity threat landscape. The continued domination of Elevation of Privilege as the most common category of vulnerability and the identity crisis highlighted at the end of the report underscore the importance of privilege and the timeless security concept of least privilege. It also emboldens BeyondTrust’s mission to provide the broadest level of visibility and protection of paths to privilege.”
Despite overall stability in the Microsoft vulnerabilities data, the report’s analysis of critical vulnerabilities and innovative threat tactics predicts now is not the time to get complacent:
• Vulnerabilities and unpatched systems will continue to provide threat actors a means of attack.
• Expanding Microsoft technologies will continue to introduce new attack surfaces.
• Novel vulnerabilities will continue to emerge as threat actors uncover innovative pathways through Microsoft’s systems.
• Investments in research and security practices will continue to shift the way threat actors gain their foothold, as it becomes easier to steal an identity to gain access than to exploit a vulnerability.
Despite predicting an increase in the volume and sophistication of identity-based attacks, this year’s report shows once again that long-standing, foundational security principles like least privilege will continue to offer the best line of defence – even against modern threats – and that the organisations who successfully pair preventative security controls with threat detection and response will continue to be much better poised to withstand tomorrow’s threats.