Elevation of Privilege was the #1 vulnerability category in 2021: Report

News Desk -

Share

BeyondTrust, an intelligent identity and access security company, has released the Microsoft Vulnerabilities Report 2022. 

The report includes the most recent annual breakdown of Microsoft vulnerabilities by category and product, as well as six-year trend analysis, which provides a comprehensive understanding of the evolving threat landscape.

BeyondTrust’s annual Microsoft Vulnerabilities Report, now in its ninth edition, analyzes data from security bulletins publicly issued by Microsoft during the previous year.

Microsoft categorizes vulnerabilities that affect one or more of their products as follows: Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Tampering, Information Disclosure, Denial of Service, and Spoofing. The findings in this year’s report will assist organizations in better understanding and mitigating risks within the Microsoft ecosystem.

Here are some key highlights from this year’s report:

  • For the second year running, Elevation of Privilege was the #1 vulnerability category, accounting for 49% of all vulnerabilities in 2021
  • Of the 326 remote code execution vulnerabilities reported in 2021, 35 had a CVSS score of 9.0 or higher
  • Most of the high-impact vulnerabilities detailed in the report highlight the risks of on-premises technology, indicating that a shift to the cloud can improve an organization’s security
  • Vulnerabilities in IE and Edge in 2021 were at a record high of 349, roughly 4x higher than in 2020

It is critical that organizations continue to carefully manage administrative privilege use to protect against vulnerabilities in Microsoft’s software, said Russell Smith, Editorial Director, Petri IT Knowledgebase. “I’ve always been a strong advocate for limiting access to admin rights. But despite the importance of running with standard user privileges for protecting systems and data, it is still not possible to natively manage in Windows today. Organizations need to manage privileged access on endpoints in a flexible and secure way that reduces risks to the business while allowing employees to do their work.”

“Microsoft’s move to the Common Vulnerability Scoring System (CVSS), now makes it easier for vulnerabilities to be cross-referenced with third-party applications that leverage affected services,” said Morey Haber, Chief Security Officer at BeyondTrust. “However, this is a trade-off because of the loss of visibility to determine the impact of administrative rights on critical vulnerabilities. What is clear, is the continued risk of excessive privileges. With the growing risk of privileged attack vectors caused by cloud deployments, the removal of admin rights remains a critical step to reduce an organization’s risk surface. This can be achieved by adopting a least privilege strategy and enabling zero-trust architectures throughout an environment.”

The Common Vulnerability Scoring System (CVSS) captures the main characteristics of a vulnerability and generates a numerical score indicating the severity level of the vulnerability, ranging from 0 to 10. It is critical to remember that when it comes to scoring vulnerabilities, organizations should not rely solely on the vendor’s CVSS Base Score to prioritize risk and remediation plans. Custom environment metrics should be used by end users to translate risk to their own organizations. This calculation can be found on the NIST website.

With the consistently high volume of Microsoft vulnerabilities, securing endpoints is more important than ever. Many of the risks outlined in this report require the removal of administrative rights. BeyondTrust Endpoint Privilege Management enables organizations to achieve least privilege by providing a solution that not only deploys quickly but also strikes the right balance between security and productivity.


Leave a reply