Microsoft Security Vulnerabilities Rise in 2014 | eWeek

Microsoft Security Vulnerabilities Rise in 2014

microsoft and it security
Écrit par
Nathan Eddy
Nathan Eddy
Apr 6, 2015
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Eighty percent of all Microsoft security vulnerabilities in 2014 could be mitigated by removing admin rights, according to a report from Avecto, which analyzed data from security bulletin Microsoft issued throughout 2014.

Of the 240 vulnerabilities Microsoft classified as critical, 97 percent were mitigated this way. Overall, the number of critical vulnerabilities in 2014 was up 63 percent, from 147, over 2013

In 2014, 300 vulnerabilities were reported across Windows XP, Vista, Windows 7 and Windows 8 operating systems, compared to 253 in 2013. A total of 245 vulnerabilities were reported that affected IE versions 6-11. That figure compares to just 123 reported vulnerabilities in 2013.

The report found 99.5 percent of all vulnerabilities in Internet Explorer (IE) could be mitigated by removing admin rights, 95 percent of vulnerabilities affecting Microsoft Office could be mitigated by removing admin rights, and 97 percent of Critical Remote Code Execution vulnerabilities could be mitigated by removing admin rights.

Microsoft bulletins, which provide solutions for known security issues, are issued on the second Tuesday of each month, a date commonly known as Patch Tuesday.

User accounts with admin privileges are primary targets for exploitation, as they provide unrestricted access to an endpoint, enabling malware to bury itself deep inside the operating system, cloak itself from detection and then spread more readily across the network.

Employees with admin rights have the ability to install, modify and delete software and files, and they can also change system settings, potentially introducing even more vulnerabilities.

Additional Microsoft Services not included in the Microsoft Office, Windows Server, Internet Explorer or Windows O/S summaries that are included in the bulletins include SharePoint, Access, Exchange and .Net Framework.

There were 22 reported vulnerabilities affecting these services in 2014, with four classed as critical.

The report concluded that cyber criminals are becoming increasingly sophisticated and targeted in bypassing security controls, instead targeting individual users as a way to gain entry to corporate files and data.

The study suggested one of the most effective ways to mitigate such threats is to remove administrator rights from users completely, using privilege management and application control technology to allow all users to function effectively under a standard user account.

“Complement this by layering security strategies as part of a Defense in Depth (DiD) approach. The overlap of these layers of defense aim to ensure that the shortcomings of one security control are covered by another,” the report stated. “For example, in the gap between a patch being discovered and applied, Sandboxing technology will trap and contain online threats so that data remains secure.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.