The Evolving Cybersecurity Vulnerability Landscape

In 2023, Microsoft addressed a staggering 911 vulnerabilities, with a peak of 131 in July alone. This raises questions about the urgency and risk associated with these issues. SonicWall's Capture Labs conducted an in-depth analysis of each 'Patch Tuesday' release, examining not just the number of vulnerabilities, but their practical impact. 

The cybersecurity landscape remains complex. While major vendors like Microsoft are patching vulnerabilities at rapid rates, attackers are becoming more sophisticated. 

Overall, attacks climbed 20% globally across 2023. The rise of different attack types, the increase of AI-powered threats and the prevalence of unpatched vulnerabilities highlight the need for a multi-layered approach. 

SonicWall firewalls thwarted over 3.28 million attacks related to Microsoft vulnerabilities in 2023, highlighting the importance of taking 'Patch Tuesday' seriously. The analysis revealed that while July had the highest number of vulnerabilities, December had the lowest. Microsoft also tracked vulnerabilities being actively exploited at the time of discovery, with July and November being key months.

Every year, many organisations' primary focus is on patching vulnerabilities related to Remote Code Execution. However, among the 21 exploited vulnerabilities, over half were attributed to Elevation of Privilege and nearly one-fourth to Security Feature Bypass.

This suggests that while Remote Code Execution vulnerabilities are more newsworthy, in the context of Microsoft vulnerabilities, attackers tend to exploit Elevation of Privilege vulnerabilities more frequently.

Additionally, when considering Microsoft's Exploitability Index, it revealed that while 107 vulnerabilities were more likely to be exploited, only four were added to CISA’s known exploited category post 'Patch Tuesday'. Notably, three of these were Elevation of Privilege vulnerabilities, emphasising the prevalence of attackers targeting this category.

The disparity between the number of vulnerabilities and those actually exploited underscores the need for businesses to prioritise and monitor threats effectively.

Despite often receiving lower CVSS and exploitability probability scores, Elevation of Privilege vulnerabilities are frequently the most attractive to threat actors. Therefore, organisations should prioritise these vulnerabilities in their cybersecurity strategies.

Microsoft's operating system, with a 72% market share, remains a prime target for cyber attackers. However, only about 3% of the 911 vulnerabilities addressed in 2023 were exploited. The low exploitation rate serves as a testament to Microsoft's unwavering commitment to bolstering security, illustrating the escalating difficulty for cybercriminals to exploit vulnerabilities within their ecosystem.

It's crucial to understand that cybersecurity is not a one-time task but an ongoing process. As the threat landscape evolves, so too must our strategies to counter potential attacks. This involves not only staying abreast of the latest threats and vulnerabilities but also adapting our security measures accordingly. For instance, the shift towards remote and hybrid work models has introduced new challenges, necessitating the adoption of robust endpoint security solutions. Similarly, our focus should shift from relying only on CVSS criticality score, to using a combination of data driven metrics to understand what attackers are leveraging to attack business.

By continually assessing and updating their security posture, businesses can ensure they are well-equipped to handle the dynamic nature of cyber threats, thereby safeguarding their digital assets and maintaining the trust of their customers and stakeholders.

Businesses must adopt a proactive and informed approach to safeguard against vulnerabilities. Proactive measures such as focusing on building teams to perform product security testing in addition to regular patching, prioritising critical updates, and implementing a comprehensive vulnerability management program are essential.

Regular technical audits can identify potential weaknesses, provide an understanding of important supply chain components, and partnering with a Managed Service Provider (MSP) can offer continuous monitoring and proactive defence strategies.

Above all, staying informed about the latest cybersecurity threats and trends can help businesses anticipate and prepare for potential risks, significantly reducing their susceptibility to cyberattacks.

Douglas McKee is Executive Director of Threat Research at SonicWall

Image: Allison Saeng

You Migh Also Read: 

Threat Intelligence Exposes The Extent of Cyber Attacks:

DIRECTORY OF SUPPLIERS - Threat Intelligence:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Phishing-as-a-Service Platform LabHost  Is Turned Over
Securing The Paris Olympic Games »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CloudEndure

CloudEndure

CloudEndure offers Disaster Recovery and Continuous Replication for the Cloud.

Genie Networks

Genie Networks

Genie Networks is a leading technology company providing networking and security solutions for optimizing the performance of large networks.

Dark Cubed

Dark Cubed

Dark Cubed is an easy-to-use cyber security software as a service (SaaS) platform that deploys instantly and delivers enterprise-grade threat identification and protection at a fraction of the cost.

PrivateVPN

PrivateVPN

PrivateVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

Uhuru Corp

Uhuru Corp

Uhuru offers a wide variety of IoT products and solutions including enebular® IoT Orchestration Service.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

ReliaQuest

ReliaQuest

ReliaQuest’s GreyMatter solution connects existing technology, people, and process – then equips security teams with unified, actionable insights across their entire environment.

Neosecure

Neosecure

NeoSecure is a specialist Cybersecurity Solutions and Managed Services provider in Latin America.

7layers

7layers

7layers has established itself as one of the world’s leading test house groups for mobile devices and the growing number of wireless devices, modules and chipsets.

ImmuniWeb

ImmuniWeb

We Simplify, Accelerate and Reduce Costs of Security Testing, Protection and Compliance.

BlueSteel Cybersecurity

BlueSteel Cybersecurity

BlueSteel is a compliance consulting firm that leverages deep system, data and application expertise to build sustainable cybersecurity solutions.

CodeLock

CodeLock

Codelock is a patent-pending solution that continuously provides software security at the code level, while providing advanced management insights with performance metrics and data analytics.

OpenAI

OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity.

UberEther

UberEther

UberEther are a dedicated group of software developers and consultants developing and deploying the next generation of identity management and cloud solutions.

IT.ie

IT.ie

IT.ie are a comprehensive provider of Managed IT Services, Cloud Solutions, Cyber Security, and proactive IT support services.

DefectDojo

DefectDojo

DefectDojo is a DevSecOps and vulnerability management tool.