MICROSOFT VULNERABILITIES REPORT 2019
An Analysis of Microsoft Security Updates in 2018
TABLE OF CONTENTS
EXECUTIVE SUMMARY
DATA HIGHLIGHTS
VULNERABILITY CATEGORIES
VULNERABILITIES BY PRODUCT
    WINDOWS
    INTERNET EXPLORER & EDGE
    OFFICE
    WINDOWS SERVERS
SECURITY IMPACT
MITIGATION
EXPERT COMMENTARY
    KIP BOYLE
    DEREK A. SMITH
    DR. JESSICA BARKER
ABOUT THE REPORT
EXECUTIVE SUMMARY
Introduction
The Microsoft Vulnerabilities Report 2019 analyzes the data from security bulletins issued by Microsoft throughout 2018. On the second Tuesday of every month, commonly referred to as "Patch Tuesday," Microsoft releases fixes for any vulnerabilities affecting Microsoft products. This report compiles these releases into a year-long overview, providing a more holistic view of whether vulnerabilities are increasing, and how many Microsoft vulnerabilities could be mitigated if admin rights were secured across organizations.
As the 2019 Microsoft Vulnerabilities report is the sixth annual edition, it includes a trend comparison based on several years of data. This analysis provides a better understanding of how vulnerabilities are growing, and in which specific products. Microsoft vulnerabilities continued to rise in 2018, with a total of 700 vulnerabilities discovered.
And while there are 46 fewer Critical Vulnerabilities than in last year's report, the findings indicate that the removal of admin rights would mitigate a higher percentage of Critical Vulnerabilities this year.
Of the 189 Critical Vulnerabilities discovered, 154 (81%) could have been prevented if administrator rights had been secured.
"Least privileged access continues to be the way forward - we know with certainty that the removal of admin rights is one of the leading mitigating factors in keeping our networks and systems safe in the face of accelerating vulnerability disclosures."
-- Kenneth Holley, Founder & CEO at Information Systems Integration
DATA HIGHLIGHTS
[Infographic: increase in the overall number of reported vulnerabilities over 6 years (2013-2018), and increase in critical vulnerabilities reported by Microsoft over 6 years (2013-2018).]
Of the 189 critical vulnerabilities discovered, 154 could have been prevented if administrator rights had been removed.
[Infographic: percentage of critical vulnerabilities in Internet Explorer, Microsoft Office, Windows 7, 8.1, and 10, and Windows servers that would have been mitigated by removing admin rights.]
How Microsoft Groups Vulnerabilities
Each Microsoft Security Bulletin comprises one or more vulnerabilities, applying to one or more Microsoft products.
Similar to previous reports, Remote Code Execution (RCE) accounts for the largest proportion of total Microsoft vulnerabilities throughout 2018. Of the 292 RCE vulnerabilities, 178 were considered Critical. The removal of admin rights from Windows endpoints would have mitigated 86% of these Critical vulnerabilities. Over six years, RCE vulnerabilities are notably higher than they were in 2013, experiencing a 54% rise.
VULNERABILITY CATEGORIES
[Chart: Breakdown of Microsoft Vulnerability Categories in 2018. Total number of vulnerabilities and total number of critical vulnerabilities for each category: Remote Code Execution, Information Disclosure, Elevation of Privilege, Denial of Service, Security Feature Bypass, Spoofing, Tampering.]
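Vulnerability Categories (2013-2018)

| Year | Remote Code Execution | Elevation of Privilege | Security Feature Bypass | Tampering | Information Disclosure | Denial of Service | Spoofing |
|------|-----------------------|------------------------|-------------------------|-----------|------------------------|-------------------|----------|
| 2013 | 190 | 99 | 4 | 1 | 20 | 19 | 1 |
| 2014 | 257 | 39 | 16 | 1 | 17 | 13 | 2 |
| 2015 | 303 | 108 | 35 | 1 | 56 | 13 | 9 |
| 2016 | 269 | 114 | 26 | 0 | 102 | 0 | 12 |
| 2017 | 301 | 90 | 41 | 1 | 193 | 43 | 16 |
| 2018 | 292 | 145 | 53 | 8 | 153 | 29 | 20 |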
Windows Vulnerabilities
In 2018, 499 vulnerabilities were reported across Windows Vista, Windows 7, Windows RT, Windows 8/8.1, and Windows 10 operating systems. Windows 10 was touted as the "most secure Windows OS" to date when it was released, yet Microsoft has still reported vulnerabilities. While the overall number decreased from the prior year, the six-year trend (2013-2018) shows almost twice the number reported over that time frame. Of all the Windows vulnerabilities discovered in 2018, 169 were considered "critical". Removing admin rights could have mitigated 85% of these critical vulnerabilities.
[Infographic callouts: vulnerabilities discovered; increase in vulnerabilities since 2013; critical vulnerabilities discovered; mitigated by removing admin rights.]
[Chart: Microsoft Windows Vulnerabilities (2013-2018). Total number of vulnerabilities and total number of critical vulnerabilities per year, 2013 to 2018.]
Internet Explorer & Edge Browser Vulnerabilities
Microsoft Internet Explorer remains a widely used browser, but since January 2016 Microsoft only supports and patches the most current version of Internet Explorer available for a supported operating system. Microsoft Internet Explorer (IE) 10 will reach end of support on January 31, 2020. From that point forward, IE 11 will be the only supported version of Internet Explorer on Windows Server 2012 and Windows Embedded 8 Standard.
Critical vulnerabilities in Microsoft Edge have increased six-fold since its inception two years ago. In the near future, Edge will have a Chromium-based engine, meaning that both Google Chrome and Edge could have the same flaws at the same time, leaving no "safe" mainstream browser to use as a mitigation strategy for Edge vulnerabilities.
[Infographic callouts: vulnerabilities discovered; increase in vulnerabilities since 2013*; critical vulnerabilities discovered; mitigated by removing admin rights.]
[Chart: Microsoft Internet Explorer & Edge Vulnerabilities (2013-2018). Total number of vulnerabilities and total number of critical vulnerabilities per year, 2013 to 2018.]
*Microsoft Edge was released in 2017, so only 2 years of historical data are available.
Office Vulnerabilities
Vulnerabilities in Microsoft Office continue to rise year over year, and they hit a record high of 102 in 2018. Removing admin rights would mitigate 100% of critical vulnerabilities in all Microsoft Office products in 2018 (Excel, Word, PowerPoint, Visio, Publisher and others).
[Infographic callouts: vulnerabilities discovered; increase in vulnerabilities since 2013; critical vulnerabilities discovered; mitigated by removing admin rights.]
[Chart: Microsoft Office Vulnerabilities (2013-2018). Total number of vulnerabilities and total number of critical vulnerabilities per year, 2013 to 2018.]