Despite Uneven Progress, a Picture of Elevated Vulnerabilities Remains.
EXECUTIVE SUMMARY
Now in its ninth year, the Microsoft Vulnerabilities Report provides a unique analysis of the vulnerability landscape in Microsoft’s ecosystem.
Historically, the report has delivered a holistic annual view of the vulnerabilities within Microsoft’s
platforms and products, and has established an undeniable business case for the importance of
removing admin rights to reduce risk.
In November 2020, Microsoft announced they would be changing how they report their vulnerabilities in the Microsoft Security Update Guide.
This change involved switching over to the industry-standard Common Vulnerability Scoring System (CVSS). While the new reporting system brings benefits – such as creating parity and opportunity for comparability with third-party bug reporting – it also creates some visibility challenges, which we will explore.
As with prior versions, this year’s report findings will help you to better understand and address risks within the Microsoft ecosystem.
