About 1.5 billion people use the Windows operating system every day. With a third of known breaches caused by unpatched vulnerabilities, it is important for organisations to stay one step ahead of threat actors who are exploiting this growing landscape. The old adage – an ounce of prevention is worth a pound of cure – works well in this case.
The 8th edition of the Microsoft Vulnerabilities Report compiles every Microsoft security bulletin from the past 12 months, analyses the trends, and includes viewpoints from security experts. The result is a consolidated view and analysis of Microsoft Patch Tuesdays and a crucial barometer of the threat landscape for the Microsoft ecosystem.
Some of the key findings from this year's edition:
- In 2020, a record-high 1,268 Microsoft vulnerabilities were discovered, a 48% increase year over year
- The number of reported vulnerabilities has risen an astonishing 181% in the last five years (2016-2020)
- Removing admin rights from endpoints would mitigate 56% of all Critical Microsoft vulnerabilities in 2020
- For the first time, “Elevation of Privilege” was the #1 vulnerability category, comprising 44% of the total, nearly three times more than in the previous year
In 2020, a total of 196 Critical vulnerabilities were reported. Of these, 109 (56%) could have been mitigated by one simple action: the removal of administrator rights.