Microsoft Vulnerabilities Report 2020

The BeyondTrust Microsoft Vulnerabilities Report, produced annually, analyzes the data from security bulletins issued by Microsoft throughout the previous year. Every Tuesday, Microsoft releases fixes for all vulnerabilities affecting Microsoft products, and this report compiles these releases into a year-long overview, creating a holistic view of trends related to vulnerabilities and, more importantly, how many Microsoft vulnerabilities could be mitigated if admin rights were removed from organizations.

This is the 7th annual edition of the Microsoft Vulnerabilities Report, and includes a five-year trend comparison, giving you a better understanding of how vulnerabilities are growing and in which specific products.

Executive Summary

Below are some of the key findings from this year’s Microsoft Vulnerabilities Report, which analyzes all Patch Tuesday bulletins released throughout 2019.

• In 2019, a record high number of 858 Microsoft vulnerabilities was discovered
• The number of reported vulnerabilities has risen 64% in the last 5 years (2015-2019)
• Removing admin rights would mitigate 77% of all Critical Microsoft vulnerabilities in 2019
• 100% of Critical vulnerabilities in Internet Explorer & Edge would have been mitigated by removing admin rights
• 80% of Critical vulnerabilities affecting Windows 7, 8.1 and 10 would have been mitigated by removing of admin rights

How Microsoft Groups Vulnerabilities

Each Microsoft Security Bulletin comprises of one or more vulnerabilities, applying to one or more Microsoft products. These categories, organized by impact type, consist of Remote Code Execution, Elevation of Privilege, Information Disclosure, Denial of Service, Security Feature Bypass, Spoofing and Tampering.

As per previous reports, Remote Code Execution (RCE) account for the largest proportion of total Microsoft vulnerabilities throughout 2019. Of the 323 RCE vulnerabilities, 191 were considered Critical. Of these Critical vulnerabilities, the removal of admin rights would have mitigated 76%. RCE vulnerabilities in 2019 hit a record high, while Elevation of Privilege vulnerabilities also rose by 37% since last year.