The number of critical Microsoft vulnerabilities decreased by 47%


According to the annual BeyondTrust Microsoft Vulnerabilities 2022 report, the total number of vulnerabilities in all Microsoft products decreased by 5% in 2021. A surge in the total number of vulnerabilities was observed in Internet Explorer and Microsoft Edge, although most of the flaws were not critical. Windows, Windows Server, Microsoft Office, Azure Cloud and Dynamics 365, and Microsoft ERP solutions were also affected by vulnerabilities. In addition, for the second year in a row, privilege escalation was the category with the largest number of reported vulnerabilities.

“We see a decrease in the number of critical vulnerabilities. Simply put, for an attacker, the transition from browser vulnerability to full control over the system has become more complicated,” said James Maude, BeyondTrust’s lead cybersecurity researcher.

Vulnerabilities of Internet Explorer and Edge

In 2021, a record number of vulnerabilities (349) was recorded in Internet Explorer and Edge. This is almost 4 times more than in 2020, although only 6 were considered critical.

The sudden increase occurred for the following reasons:

  • Consolidation of the browser market, due to which Edge adopted the Google Chrome browser technology;
  • A reduction in the number of browser plug-ins;
  • Increased transparency of vulnerability reports from Google.

Windows Vulnerabilities

In 2020, 507 vulnerabilities were discovered in Windows 7, Windows RT, Windows 8/8.1 and Windows 10. Of the Windows 10 flaws, 60 were critical. The number of Windows vulnerabilities has decreased by 40% compared to 2020 and by 50% over the past 5 years.

Microsoft Office Vulnerabilities

Of the 66 Office vulnerabilities found, only 1 was critical. However, Office applications are still vulnerable to old exploits, even though fixes have been available for years.

Windows Server Vulnerabilities

Windows Server vulnerabilities have dropped to their lowest level since 2018. Compared to 2021, the number of Windows Server vulnerabilities decreased by 41%, and critical vulnerabilities by 50% compared to 2020.

Vulnerabilities of Azure and Dynamics 365

Of the 30 vulnerabilities in Azure, only 5 were considered critical. In 2020, Dynamics 365 had 6 critical vulnerabilities.

The report names 3 vulnerabilities as the most dangerous:

  • Microsoft Exchange Server remote code execution vulnerability (CVE-2021-28480 and CVE-2021-28481)
  • Windows DNS Server remote code execution vulnerability (CVE-2021-34473, CVE-2021-26894, CVE-2021-26895 and CVE-2021-26897)
  • Microsoft Defender for IoT remote code execution vulnerability (CVE-2021-42311 and CVE-2021-4231)

Earlier, Microsoft published a guide to fixing a recently discovered zero-day vulnerability in the Office productivity suite that can be used to execute code on the system. The vulnerability, CVE-2022-30190, rated 7.8 out of 10, affects Microsoft Office 2013, Office 2016, Office 2019 and Office 2021, as well as Professional editions
