A great technology shift is underway. In his novel 1984, George Orwell describes a “Versificator”—a mechanical device used to produce literature and music without human intervention. Now, in this age of AI, machines can churn out that “dreadful rubbish” Orwell described. Machine content that’s entertaining and enraging in equal measure is no longer fiction, but a daily reality.
Aside from the Orwellian clock reference, thirteen is an infamous number, associated with bad luck, unexpected twists, and stories that take a darker turn when you least expect it. In this report, we’re leaning into that theme because 2025’s data has exactly that shape: familiar on the surface, but disquieting the deeper you look.
At first glance, we see the total number of Microsoft vulnerabilities declined slightly year-overyear, from 1,360 in 2024 to 1,273 in 2025, continuing a minor fluctuation pattern in place since 2020. While the overall numbers remain significantly higher than the 540 we saw 10 years ago, that disparity is largely explainable by the expansion of the Microsoft software portfolio. We must also consider that Microsoft has increased focus on security in recent years, and, as a result, more vulnerabilities have been found and added to the overall count.
But once we dissect the data, things take an unexpected turn. Yes, total volume of vulnerabilities dipped by about 6%, but critical vulnerabilities doubled, rising from 78 to 157. This represents a considerable departure from the steady, multi-year decline in the volume of critical vulnerabilities.
