CP
cyberpings

Microsoft Vulnerabilities Surge - Critical Flaws Increase

A new report reveals a troubling increase in critical Microsoft vulnerabilities. With fewer total flaws, the severity of issues is rising. Organizations must act quickly to enhance their security posture.

VulnerabilitiesHIGHUpdated: Published:
Featured image for Microsoft Vulnerabilities Surge - Critical Flaws Increase

Original Reporting

SCSC Media

AI Summary

CyberPings AI·Reviewed by Rohit Rana

🎯Basically, Microsoft has more serious security problems now, even though the total number of flaws has dropped.

What Happened

A recent report by BeyondTrust has revealed a twofold increase in critical vulnerabilities within Microsoft software, even as the overall number of flaws decreased by 6% to 1,273 this year. This indicates a concerning trend where fewer vulnerabilities are being discovered, but those that are found are increasingly severe.

Key Findings

The report highlights that vulnerabilities in Microsoft Office have tripled, reaching 157 critical flaws. Additionally, significant issues within the Office suite increased tenfold. Tools essential for routine business operations also experienced alarming growth in vulnerabilities.

A notable attack vector involves the preview window feature, which automatically renders content. Attackers exploit this by running malicious code as soon as a user highlights an attachment, requiring no further interaction from the user. This makes it particularly dangerous for users who may not be aware of the risks.

In 2025, there were 780 vulnerabilities associated with Windows Server, with 50 classified as critical. Microsoft's cloud services, including Azure and Dynamics 365, reported nine times more significant defects despite having fewer overall bugs. This underscores a shift in risk concentration, particularly around privileged access.

What This Means

James Maude, BeyondTrust's Field Chief Technology Officer, warns that this trend signifies that risk is not diminishing; rather, it is becoming more concentrated. The increase in critical vulnerabilities poses significant challenges for organizations relying on Microsoft products, as they may face heightened security threats.

Recommended Actions

Organizations using Microsoft software should prioritize patch management and vulnerability assessments. Here are some steps to consider: By staying vigilant and proactive, organizations can better protect themselves against these emerging threats.

Containment

  • 1.Regularly update all Microsoft products to the latest versions.
  • 2.Implement robust security measures to monitor and restrict access to sensitive data.

🔒 Pro Insight

🔒 Pro insight: The concentration of critical vulnerabilities in Microsoft products indicates a shift in threat landscape, necessitating immediate remediation efforts.

SCSC Media
Read Original

Share

Related Pings

Preview image for RedSun Vulnerability - Critical Risk in Microsoft Defender
Vulnerabilities
CRITICAL

RedSun Vulnerability - Critical Risk in Microsoft Defender

A critical zero-day vulnerability in Microsoft Defender allows low-privileged users to gain SYSTEM access. No patch is available, making immediate mitigation essential. Learn how to protect your systems now.

QLQualys Blog
Read PingRead Source
Preview image for Microsoft GitHub RCE Vulnerability - Critical Flaw Fixed
Vulnerabilities
HIGH

Microsoft GitHub RCE Vulnerability - Critical Flaw Fixed

A critical flaw in a Microsoft GitHub repository allowed remote code execution via issue submissions. This vulnerability could have exposed sensitive tokens, risking significant misuse. Microsoft has since fixed the issue, but it highlights the need for better security practices.

SCSC Media
Read PingRead Source
Preview image for AVAST Antivirus 25.11 - Critical Unquoted Service Path Flaw
Vulnerabilities
HIGH

AVAST Antivirus 25.11 - Critical Unquoted Service Path Flaw

A critical vulnerability in AVAST Antivirus 25.11 allows local users to execute code with elevated privileges. This flaw poses serious security risks, prompting immediate attention from users. Stay informed about potential patches and safeguard your system.

EDExploit-DB
Read PingRead Source
Preview image for Throttlestop Kernel Driver - Privilege Escalation Vulnerability
Vulnerabilities
HIGH

Throttlestop Kernel Driver - Privilege Escalation Vulnerability

A critical vulnerability in the Throttlestop kernel driver could allow attackers to gain elevated privileges on Windows systems. This poses a significant security risk. Users should take immediate action to protect their systems.

EDExploit-DB
Read PingRead Source
Preview image for Anthropic Bets on EPSS to Manage Vulnerability Surge
Vulnerabilities
HIGH

Anthropic Bets on EPSS to Manage Vulnerability Surge

Anthropic's Mythos accelerates vulnerability discovery, prompting a need for effective prioritization. EPSS offers a way to manage the influx of new vulnerabilities. Security leaders are adapting to this rapid change, but challenges remain in critical sectors.

CSCSO Online
Read PingRead Source
Preview image for Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution
Vulnerabilities
CRITICAL

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution

A critical flaw in Cohere AI's Terrarium sandbox allows attackers to execute code with root privileges. This poses a significant risk to sensitive data. Users are urged to take immediate action to secure their systems.

THThe Hacker News
Read PingRead Source