Saturday, January 25, 2025
HomeCVE/vulnerability1,200+ Vulnerabilities Detected In Microsoft Products In 2023

1,200+ Vulnerabilities Detected In Microsoft Products In 2023

Published on

SIEM as a Service

Follow Us on Google News

Hackers often focus on flaws in Microsoft products since they are commonly employed in various institutions and personal computers, which means they have a bigger area to attack. 

This is because these systems could be used as an entry point into sensitive information, letting attackers take over or spread malicious software and malware without permission.

Cybersecurity researchers at BeyondTrust recently detected over 1200 vulnerabilities in Microsoft products in 2023.

Technical Analysis

In 2023 alone, the company still had to address 522 problems with Windows (55 of them critical), 249 with Edge, 92 with Office, and 558 with Windows Server (57 of them critical) — although those numbers were down from their heights in 2022.

However, there was also an alarming surge in new types of vulnerabilities, and the Denial of Service flaws grew by more than half to 109.

Combat Email Threats with Easy-to-Launch Phishing Simulations: Email Security Awareness Training -> Try Free Demo 

Spoofing vulnerabilities skyrocketed by nearly four times from 31 to 90, pointing to new attack vectors even as overall vulnerability disclosures dropped.

Totals remained flat for four years following Microsoft’s vulnerability peak in 2020, fluctuating within 7% of one another before settling at 1228 in 2023; it’s a 5% decrease from the record high of 1292 set in 2022, according to the report.

This flat was brought about by retiring the legacy products predating Microsoft’s Security Development Lifecycle, which were replaced with newer, more secure offerings. 

Though not as significant as previous years’ declines, the continued fall is still good news for IT professionals encouraged by this trend.

The likelihood of successful exploitation varies greatly depending on how widely known and understood any given flaw may be among potential attackers.

So, the overall counts only indicate environmental robustness rather than reflecting entire risk landscapes.

While the National Vulnerability Database marked 33 Microsoft flaws in 2023 as critical (9.0+ score), a 50% increase from 2022, Microsoft classified 84 as critical, down 6%. 

Elevation of Privilege remained the top vulnerability category despite a 31% drop to 490, followed by Remote Code Execution’s 13% rise to 356, partly offset by Azure, Office, and Windows declines. 

The RCE increase in Windows Server resulted from Microsoft’s collaboration with security researchers, disclosing and patching flaws before public exploitation. 

Browser and document viewer vulnerabilities declined as Edge adopted Chromium’s matured security, and dropping Internet Explorer eliminated drive-by downloads and Flash exploits. 

Critical Edge vulnerabilities dived from 162 in 2017 to just 1 in 2023, presenting Chromium’s hardened security benefits.

While up in 2023, Office vulnerability totals show a long-term downward trend as older versions reach End-of-Life, forcing attackers to innovate past mitigations like disabling auto-run macros. 

However, adding SketchUp 3D file support introduced 117 new vulnerabilities that bypassed initial patches, temporarily disabling the feature.

Mitigations

Here below we have mentioned all the mitigations offered by the cybersecurity researchers:-

  • Enforce the least privilege by removing local admin rights
  • Follow security hardening protocols7 such as patching
  • Secure remote access pathways
  • Tailor vulnerability management to your own environment
  • Stay vigilant to emerging threats
  • Implement identity threat detection and response (ITDR)

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

PayPal Fined $2 Million Fine For Violating Cybersecurity Regulations

The New York State Department of Financial Services (NYDFS) has imposed a $2 million...