Only 104 critical vulnerabilities were reported in 2021, an all-time low for the world’s largest software company.
Total vulnerabilities across all Microsoft products decreased 5% in 2021, according to the annual BeyondTrust Microsoft Vulnerabilities 2022 report. While some products such as Internet Explorer and Microsoft Edge saw a surge in the overall number of vulnerabilities, the lowest ever number of Microsoft vulnerabilities were considered critical.
This trend also held true for Windows, Windows Server, Microsoft Office, Azure Cloud and Dynamics 365, Microsoft’s ERP solution.
To create the Microsoft Vulnerabilities report, the authors reviewed every Microsoft security bulletin from the previous year to provide a barometer of the threat landscape for the Microsoft ecosystem.
The number of vulnerabilities across other categories, such as memory corruption, overflow and cross-site scripting, also dropped significantly across all Microsoft products between 2020 and 2021.
For the second year in a row, elevation of privilege outpaced remote code execution as the security category with the most vulnerabilities recorded.
“As we dig into the info this year, we are able to see the continuing downward trend in critical vulnerabilities,” said James Maude, lead cyber security researcher at BeyondTrust, a privilege management and cloud security vendor. “Put simply, this investment has made it considerably tougher for an attacker to leap from a browser vulnerability to complete control of the system in a single move.”
Vulnerabilities across Microsoft products
Internet Explorer and Edge vulnerabilities
In 2021, there were a record-breaking 349 Internet Explorer and Edge vulnerabilities, nearly 4 times the number in 2020, though only six were considered critical.
This sudden increase was due to consolidation of the browser market (with Edge having adopted Google’s Chrome browser technology), fewer browser plugins such as Adobe Flash to attack, and improved transparency in vulnerability reporting by Google, the report said.
Windows vulnerabilities
In 2020 there were 507 vulnerabilities across the Windows 7, Windows RT, Windows 8/8.1 and Windows 10 operating systems. Sixty of the Windows 10 operating system vulnerabilities were considered critical. Overall, Windows vulnerabilities dropped 40% compared to 2020 and 50% over the previous 5 years.
“Microsoft’s more aggressive stance on updating Windows is also translating into a reduction in the amount of time systems are exposed to the risk of vulnerabilities,” the report said. “This two-punch combo of fewer vulnerabilities and quicker patching comes as welcome progress after the relentless pressures of 2020.”
Microsoft Office vulnerabilities
Of the 66 Office vulnerabilities reported, only one was considered critical. While this is good news, Office applications are still vulnerable to older exploits, such as the Equation Editor bug, even though patches have been available for years.
“Many malware toolkits include quite a few Office exploits aggregated from the previous 10 years, with the purpose of discovering an unpatched system,” the report said. “These toolkits and methods have proven extremely successful for many threat actors.”
Windows Server vulnerabilities
Windows Server vulnerabilities have dropped to their lowest levels since 2018, the report said. Year over year, the number of Windows Server vulnerabilities decreased by 41%, while critical vulnerabilities dropped by 50% compared to 2020.
“It has taken Microsoft a number of generations of Windows Server to get to a version inherently safer,” the report said. “The newest releases of Windows Server have fewer vulnerabilities than ever before, despite being among the largest code bases for any operating system.”
Azure and Dynamics 365 vulnerabilities
Of the 30 vulnerabilities in Azure, only 5 were considered critical. Dynamics 365 had six critical vulnerabilities in 2020.
The report called out three vulnerabilities as particularly problematic:
- Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-28480 and CVE-2021-28481)
- Windows DNS Server Remote Code Execution Vulnerability (CVE-2021-34473, CVE-2021-26894, CVE-2021-26895 and CVE-2021-26897)
- Microsoft Defender for IoT Remote Code Execution Vulnerability (CVE-2021-42311 and CVE-2021-4231)