Cybersecurity leader BeyondTrust reports an all-time high of 1,360 Microsoft vulnerabilities in 2024, with significant increases in key categories.
BeyondTrust has released its 12th annual Microsoft Vulnerabilities Report, revealing a record-breaking number of Microsoft vulnerabilities in 2024. The report highlights a total of 1,360 vulnerabilities, an 11% increase from the previous record of 1,292 in 2022. Despite ongoing security improvements, attackers continue to exploit key weaknesses, particularly those related to privilege escalation and remote code execution.
“The sustained dominance of Elevation of Privilege vulnerabilities highlights how valuable privileges are to attackers.”
— James Maude, Field Chief Technology Officer at BeyondTrust
Key Findings:
- Total Vulnerabilities: 1,360 in 2024, up from 1,292 in 2022.
- Elevation of Privilege (EoP) Vulnerabilities: 40% (554) of all reported vulnerabilities.
- Security Feature Bypass Vulnerabilities: Increased by 60%, from 56 in 2023 to 90 in 2024.
- Microsoft Edge Vulnerabilities: Increased by 17% to 292, including 9 critical vulnerabilities.
- Windows Vulnerabilities: 587 total, with 33 critical.
- Windows Server Vulnerabilities: 684 total, with 43 critical.
- Microsoft Office Vulnerabilities: Nearly doubled to 62 in 2024.
James Maude, Field Chief Technology Officer at BeyondTrust, emphasized the importance of securing privileges: “The sustained dominance of Elevation of Privilege vulnerabilities highlights how valuable privileges are to attackers. Organizations need to focus on securing the underlying Paths to Privilege™ to reduce the attack surface.”
The report underscores the complexity of securing modern ecosystems and the need for layered defenses. It also predicts that unpatched systems will remain easy targets and that Microsoft’s expanding tech stack will introduce new attack surfaces.
