Thought Leadership
Microsoft is increasingly in the crosshairs of hackers. According to the latest Microsoft Vulnerabilities Report from security company BeyondTrust, a total of 1,360 vulnerabilities were recorded in Microsoft systems in 2024 – more than ever before.
Compared to the previous record year of 2022, this represents an increase of eleven percent. Particularly serious: many of these vulnerabilities allow user rights to be elevated or malicious code to be executed remotely.
Trend reversal or deceptive calm? Security situation remains tense
Despite the increase in the total number of critical entries, one point has eased: the number of really critical vulnerabilities is falling compared to previous years. This points to more effective protective measures and more secure system architectures. However, the report also makes it clear that the threat situation is shifting: attackers are increasingly focusing on digital identities and privileged access – no longer just traditional software weaknesses.
Top findings from the Microsoft Vulnerabilities Report
- 40% of vulnerabilities relate to privilege escalation: With 554 entries, this remains the most dangerous category.
- 90 cases of security breaches: An increase of 60% compared to 2023.
- Edge browser with increasing risk: 292 vulnerabilities, nine of which are rated as critical.
- Microsoft Office in the spotlight: With 62 security vulnerabilities, almost twice as many as in the previous year.
- Windows remains particularly vulnerable: 587 vulnerabilities in classic Windows systems, 684 in Windows Server – many of them critical.
Growing IT complexity as a risk factor
The report makes it clear that the larger and more diverse the IT landscape, the more difficult it becomes to keep track of potential gateways. New technologies such as AI and cloud services are expanding the attack surface – even though patching and security updates are routine. But these are no longer enough: Incorrect updates or newly emerging vulnerabilities require multi-layered security strategies.
Security strategies of the future: focus on privileges and identities
The authors of the study emphasize: Classic vulnerabilities remain a threat, but modern attacks are increasingly targeting identity misuse and privileged access. Companies are well advised to implement the principle of least privilege (PoLP) and rely on a defense-in-depth strategy that combines prevention, detection and response.
Conclusion: security remains a race
Unpatched systems, creative evasion tactics and new fields of technology are increasing the attack surface. The BeyondTrust report shows how dynamically the threat situation is developing – and that only a strategic, identity-centered approach can provide long-term protection.
Further information:
The complete Microsoft Vulnerabilities Report 2025 is available here.
(vp/BeyondTrust)
