Today, the 12th annual Microsoft Vulnerabilities Report was released, revealing alarming new discoveries about the top software giant’s security environment. Our new report shows a shocking increase in overall vulnerabilities. In 2024, the total climbed to 1,360, a new historic high since the start of these reports. This jump highlights the critical imperative for enterprises to strengthen their cybersecurity defenses against a growing threat environment.
The report goes on to explain how the Elevation of Privilege (EoP) category made up a whopping 40% of all vulnerabilities in the past year. Of these vulnerabilities, Windows systems made up 587, with 33 of those being critical. Meanwhile, Windows Server has been hit with 684 vulnerabilities, with 43 classified as critical. This detailed breakdown offers organizations a laser-focused look at just what risks they face from Microsoft’s products.
Instead of just listing these vulnerabilities, the report goes further and flags important Common Vulnerabilities and Exposures (CVEs) in each product. It also offers a five-year trend analysis for each product, which lets stakeholders see how vulnerabilities and security challenges have changed over time. These insights are invaluable for organizations that want to make better-informed decisions about their security strategy.
Our report contains many expert opinions and recommendations from a diverse group of cybersecurity professionals. They include Security Advisor Anton Chuvakin, with advice on cutting through the noise; Dr. Henrik Parkkinen, Cybersecurity Leader, one of the key contributors; Kip Boyle, Chief Information Security Officer at Cyber Risk Opportunities LLC; and Sami Laiho, Senior Technical Fellow and Microsoft MVP. Each offers a different perspective on how organizations should strengthen their security postures.
Charles Henderson, Vice President, Cybersecurity Services at Coalfire, brings deep practical insights that are of great value. So do Paula Januszkiewicz, CEO & Owner of CQURE; Chuck Brooks, Subject Matter Expert, DHS CISA; and Marc Maiffret, CTO at BeyondTrust. Their combined experience underscores the critical importance of enforcing least privilege. They further recommend moving to a zero-trust framework to shore up protections inside the Windows ecosystem.
Our report takes a closer look at our flagship Secure Future Initiative (SFI). It underscores evolving long-term security trends that organizations need to be aware of as they create their own cybersecurity strategies. Together, these snapshots reveal acute vulnerabilities and a growing trend of anti-trans attacks. The report is an invaluable resource for IT leaders looking to bolster their cyber defenses against an ever-evolving array of threats.