BeyondTrust: Microsoft Vulnerabilities Near Highest-Ever Numbers in 2023

Cybercriminals remain focused on compromising identities.

Edward Gately, Senior News Editor

April 22, 2024

6 Slides
Microsoft vulnerabilities

Already have an account?

ra2 studio/Shutterstock

BeyondTrust’s latest annual Microsoft vulnerabilities report shows total vulnerabilities continued their four-year holding pattern near their highest-ever numbers in 2023.

The BeyondTrust report analyzes data from security bulletins publicly issued by Microsoft throughout the previous year. The Microsoft vulnerabilities report provides information to help organizations understand, identify and address the risks within their Microsoft ecosystems.

Each Microsoft Security Bulletin includes one or more vulnerabilities, which apply to one or more Microsoft products.

Microsoft declined to comment on the report.

Categories of Microsoft Vulnerabilities

Microsoft typically groups vulnerabilities into these main categories:

  • Remote code execution (RCE).

  • Elevation of privilege (EoP).

  • Information disclosure.

  • Denial of service.

  • Spoofing.

  • Tampering.

  • Security feature bypass.

James Maude, director of research at BeyondTrust, said despite decades of focus and investment in improving security, “we are still finding vulnerabilities like CVE-2023-23397.” That’s a vulnerability in the Windows Microsoft Outlook client that malicious hackers can exploit by sending a specially crafted email that triggers automatically when it is processed by the Outlook client. Microsoft issued a patch for this vulnerability last month.

BeyondTrust's James Maude

“This [vulnerability] has lain dormant until someone noticed that a feature designed to play a custom notification sound when an email arrived could also be used to make an SMB connection and leak NTLM hashes externally,” he said.

Scroll through our slideshow above for more from BeyondTrust’s Microsoft vulnerabilities report.

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like