Microsoft Vulnerabilities Report 2021

Overview

Currently in its 8th year, the Microsoft Vulnerabilities Report has proven to be a valuable asset for many organizations who wish to gain a holistic understanding of the evolving threat landscape. The report provides a 12-month, consolidated view and analysis of Microsoft Patch Tuesdays, as well as exclusive insights from some of the world’s top cybersecurity experts.

Unpatched vulnerabilities are the cause of 1 in 3 breaches around the world. As a result of unpatched vulnerabilities, organizations can pay the ultimate price.

In 2017, the WannaCry ransomware attack infected over 200,000 computers across 150 countries, causing damages ranging from hundreds of millions to billions of dollars. While Microsoft had released patches to close the exploit, much of WannaCry’s spread was from organizations that had not yet applied them.

In 2020, Ryuk Ransomware operators shut down Universal Health Services using the Zerologon privilege-escalation vulnerability to quickly take control of domain controllers. This same vulnerability was also actively used by an Iranian state actor in attacks.

Although many organizations understand the need to install the latest security patches to mitigate vulnerabilities and prevent their corresponding exploits in a timely manner, the volume can be overwhelming. The reality is that many companies, often under-resourced from an IT perspective, struggle with timely patching for every Critical vulnerability released.

Approximately 1.5 billion people use Windows operating systems each day, with various applications for Microsoft’s products reaching into homes, businesses, and entertainment venues. The data in this report provides a crucial barometer of the threat landscape for the Microsoft ecosystem.

What Does the Data Tell Us?

The BeyondTrust Microsoft Vulnerabilities Report analyzes the data from security bulletins issued by Microsoft throughout the previous year. Every Tuesday, Microsoft releases fixes for all vulnerabilities affecting Microsoft products – known as Patch Tuesday. The BeyondTrust report compiles this extensive information into a holistic, consolidated view that highlights key trends from the prior year.

This analysis not only reveals evolving vulnerability trends, but also identifies the Critical vulnerabilities that could be mitigated if admin rights were removed.

We also include an insightful, five-year trend comparison to give you a better understanding of how vulnerabilities have grown over time, along with additional detail by category and product type.