Microsoft's Vulnerabilities Hit Record High, Says 2025 BeyondTrust Report

BeyondTrust has released its annual Microsoft Vulnerabilities Report, revealing a record-breaking number of reported Microsoft vulnerabilities in 2024. Despite ongoing security improvements, attackers continue to exploit key weaknesses, particularly those related to privilege escalation and remote code execution. The 2025 report provides an in-depth analysis of data from security bulletins publicly issued by Microsoft throughout the previous year, offering information about vulnerability trends and the evolving threat landscape to help organizations understand, identify, and address the risks within their Microsoft ecosystems.
Key findings from the 2025 report include:
A total of 1,360 Microsoft vulnerabilities were reported in 2024, marking an all-time high and an 11% increase over the previous record of 1,292 in 2022.
Elevation of Privilege (EoP) vulnerabilities comprised 40% (554) of all reported vulnerabilities.
Security Feature Bypass vulnerabilities surged by 60%, from 56 in 2023 to 90 in 2024, adding to the pressure to reduce software vulnerabilities at the design stage through secure coding and threat modeling.
Critical vulnerabilities across the Microsoft ecosystem continued to decline overall in 2024.
Microsoft Edge vulnerabilities increased by 17% to 292 total vulnerabilities, including 9 critical vulnerabilities in 2024, compared to zero in 2022.
Microsoft Azure and Dynamics 365 vulnerabilities plateaued in 2024.
There were 587 Windows vulnerabilities in 2024; 33 were critical.
Windows Server had 684 vulnerabilities in 2024; 43 were critical.
Microsoft Office vulnerabilities nearly doubled from 2023, reaching 62 in 2024.
Although the total number of vulnerabilities has risen, the longer-term trend shows the pace of growth appears to be stabilizing. This, combined with the continued downward trend toward fewer critical vulnerabilities, suggests Microsoft's security initiatives and improvements in the security architecture of modern operating systems are paying off.
However, while vulnerability growth appears steady, the report also highlights the complexity of securing today's vast and diverse ecosystems, where evolving technologies, features, and interdependencies continue to introduce risk.
Key predictions and takeaways from this year's report include:
Unpatched systems remain an easy target, opening the door for widespread exploitation.
Microsoft's expanding tech stack, including cloud and AI services, will continue to introduce new attack surfaces.
Novel vulnerabilities will emerge as attackers find new and creative ways to bypass defenses.
Patches alone are insufficient—they can fail or introduce stability risks, underscoring the need for layered defenses.
Threat actors are shifting tactics, increasingly targeting identities and privileges over traditional exploits.
Despite the changing threat landscape, some security fundamentals remain unchanged:
1) Software vulnerabilities are as inevitable as death and taxes
2) Enforcing least privilege remains one of the most effective strategies to reduce risk—even against zero-days and reverse-engineered patches
3) Defense-in-depth strategies that combine prevention with detection and response offer the strongest protection—including against modern, identity-based threats.
'This year's data offers a clear reminder that the threat landscape isn't slowing down—it's rapidly evolving,' said James Maude, Field Chief Technology Officer at BeyondTrust. 'The sustained dominance of Elevation of Privilege vulnerabilities highlights how valuable privileges are to attackers and why they will continue to target identities with privileges to move laterally and gain access to critical systems. These trends reinforce the need for organizations to focus not just on patching, but on securing the underlying Paths to Privilege™ across their environments to reduce the attack surface of every identity and point of access.'
