Microsoft Vulnerability Severity Surges Despite Overall Decline
Event summary
- BeyondTrust's 13th Annual Microsoft Vulnerabilities Report reveals a 6% decrease in total vulnerabilities to 1,273 in 2025, compared to 1,360 in 2024.
- Critical-severity vulnerabilities doubled year-over-year, from 78 to 157.
- Elevation of Privilege (EoP) vulnerabilities accounted for 40% of all reported flaws, the largest single category.
- Azure and Dynamics 365 saw a ninefold increase in critical-severity vulnerabilities.
- Microsoft Office vulnerabilities increased tenfold year-over-year.
The big picture
A lower total count looks like good news, but it says little on its own: with critical-severity vulnerabilities doubling, the mix shifted towards flaws that matter more, so the patching burden grew even as the raw number fell. Three factors stand out: AI-assisted tooling on the attacker side, the expansion of cloud services such as Azure and Dynamics 365 into the attack surface, and the continued reliance on privilege-escalation paths once an initial foothold is gained. The report points to a widening gap between when a vulnerability is disclosed and when it is actually mitigated, which argues for a more proactive, identity-focused security posture rather than one that waits on the monthly patch cycle.
What we're watching
- AI Impact
- AI-assisted vulnerability discovery and exploit development are shortening the time from disclosure to working exploit, and that interval is likely to keep shrinking faster than traditional patch cycles can close it, widening the window of exposure for organizations that patch on a fixed schedule.
- Identity Risk
- The persistent dominance of Elevation of Privilege vulnerabilities underscores the need for a shift towards identity-centric security strategies that go beyond traditional vulnerability management. EoP bugs are post-compromise flaws: they turn an existing foothold into administrator or SYSTEM access. Removing standing local admin rights and enforcing least privilege therefore limits what an unpatched EoP bug is worth to an attacker, independent of how quickly the patch ships.
- Cloud Adoption
- The ninefold rise in critical-severity vulnerabilities across Azure and Dynamics 365 suggests that cloud security practices are lagging behind adoption rates and need focused remediation effort. Many cloud-service CVEs are remediated by Microsoft on the service side and require no customer patch, so the operational task is tracking those advisories and reviewing tenant configuration and identity permissions, not deploying updates.