BeyondTrust: Microsoft Vulnerabilities Near Highest-Ever Numbers in 2023
Cybercriminals remain focused on compromising identities.
BeyondTrust’s latest annual Microsoft vulnerabilities report shows total vulnerabilities continued their four-year holding pattern near their highest-ever numbers in 2023.
The BeyondTrust report analyzes data from security bulletins publicly issued by Microsoft throughout the previous year. The Microsoft vulnerabilities report provides information to help organizations understand, identify and address the risks within their Microsoft ecosystems.
Each Microsoft Security Bulletin includes one or more vulnerabilities, which apply to one or more Microsoft products.
Microsoft declined to comment on the report.
Categories of Microsoft Vulnerabilities
Microsoft typically groups vulnerabilities into these main categories:
Remote code execution (RCE).
Elevation of privilege (EoP).
Information disclosure.
Denial of service.
Spoofing.
Tampering.
Security feature bypass.
James Maude, director of research at BeyondTrust, said that despite decades of focus and investment in improving security, “we are still finding vulnerabilities like CVE-2023-23397.” That’s a vulnerability in the Microsoft Outlook client for Windows that malicious hackers can exploit by sending a specially crafted email, which triggers automatically when the Outlook client processes it. Microsoft issued a patch for this vulnerability last month.
“This [vulnerability] has lain dormant until someone noticed that a feature designed to play a custom notification sound when an email arrived could also be used to make an SMB connection and leak NTLM hashes externally,” he said.