Report: Windows had most security vulnerabilities of any Microsoft product last year

Elevation of privilege was the most frequently detected issue in Microsoft products, followed by remote code execution and information disclosure.
By Kat Jercich
03:35 PM

An Atlas VPN analysis published this week found that the number of vulnerabilities in Microsoft products reached 1,268 this past year.  

Windows, the product with the most security issues, had a total of 907 vulnerabilities – 132 of which were classified as critical.  

"These numbers are a massive problem because every Microsoft product has millions of users," said Ruth Cizynski, a cybersecurity researcher and author at Atlas VPN, in a statement accompanying her findings.  

WHY IT MATTERS  

Cizynski, who based her analysis on a BeyondTrust report from earlier this year, noted that elevation of privilege was the most frequently detected issue in Microsoft products, making up nearly half of vulnerabilities in 2020.   

"Such vulnerabilities allow malicious actors to gain higher-level permissions on a system or network. The attacker can then use these privileges to steal confidential data, run administrative commands, or install malware," Cizynski wrote.   

Remote code execution was the second most prevalent vulnerability, allowing bad actors to execute any code of their choice on a victim's device.  

Information disclosure, which takes place when an app unintentionally reveals sensitive data to unauthorized parties, made up 14% of all vulnerabilities in 2020.  

As far as products go, Windows had the most vulnerabilities, with Windows Server having the largest number of critical issues.  

Other Microsoft products, including Edge, Internet Explorer and Office, were also found to have vulnerabilities.  

THE LARGER TREND  

Cybersecurity has taken a major turn in the spotlight this year, with high-profile attacks on major industries (including healthcare networks) emphasizing the importance of robust software protection.

In April, the U.S. Department of Justice announced that the FBI had successfully removed malicious scripts from hundreds of vulnerable computers after a hacking group exploited vulnerabilities in Microsoft Exchange servers.   

And just this week, U.S. Secretary of Commerce Gina Raimondo said President Joe Biden's administration could consider military action in response to ransomware attacks.  

"We are considering all of our options," said Raimondo. "We are not taking anything off the table as we think about possible repercussions, consequences or retaliation."

ON THE RECORD  

"It is important that consumers update their software applications on time," noted Cizynski.  

"Software updates can include security patches that can fix vulnerabilities and save users from getting hacked," she said.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.
