Elevation of privilege is top Microsoft vulnerability: BeyondTrust 2024 report

The unauthorised elevation of privilege (access) within an organisation’s network by malicious actors continues to be the top cybersecurity vulnerability, according to BeyondTrust’s 2024 Microsoft Vulnerabilities Report. 

Elevation of privilege, also known as privilege escalation, happens when an attacker who has infiltrated a network with lower privileges, like only the ability to read documents but not edit them, gains access to functions or content that are reserved for users or applications with higher privileges. 

Produced annually by BeyondTrust, the report analyses data from security bulletins publicly issued by Microsoft throughout the previous year. 

Learn more in this video!

In its 11th year of publication, this year’s report notes that, after hitting an all-time high in 2022, the total number of observed (or recorded) vulnerabilities continued its four-year holding pattern near the highest-ever recorded numbers, that is between 1200 and 1300, incidents. 

The elevation of privilege vulnerability category accounted for 40 per cent of the total vulnerabilities seen in 2023. 

Denial of service type of attacks climbed 51 per cent to hit a record high of 109 in 2023, with spoofing showing a dramatic 190 per cent increase – from 31 to 90 incidents. 

Denial of service is an attack that shuts down a machine or network, making it inaccessible to intended users. 

Total number of critical vulnerabilities keeps downward trend 

While the total number of critical vulnerabilities has reduced over the years, it slowed its descent this year, dropping by only six per cent to 84 incidents in 2023 (five less than that in 2022).

On the elevation of privilege vulnerabilities, the report adds that despite it being the top vulnerability category, the actual number of incidents have decreased from 715 to 490, which is a substantive 31 per cent drop.

The research attributes this improvement primarily due to reduced Azure and Windows Server vulnerabilities.

This is welcome news, since these systems are often public-facing and much more likely to hold substantial amounts of sensitive data and privileged service accounts than, for example, a Windows desktop system.

The study adds a note of caution, saying that while the reduction of elevation of privilege vulnerabilities is a “very positive trend that directly reduces a threat actor’s options”, organisations cannot just rely on a lack of these vulnerabilities to protect access to privileges. 

“It is still essential to maintain a robust privilege access management strategy to remove and secure privileges within an environment to prevent them from falling into the hands of an attacker,” the report observes.

Identity-based infiltration 

The report observes that with Microsoft software vulnerabilities going down, attackers are increasingly re-focusing their efforts on exploiting identities. It notes that Midnight Blizzard “represents a prime example of what can happen when threat actors get innovative with identity-based infiltration tactics”.

Using this tactic, threat actors can use social engineering or stolen credentials to introduce their code into an environment without the need for a software vulnerability, the report warns. 

Similarly, when it comes to elevating privileges, it might be easier for hackers to hijack an already-privileged account than exploit a software vulnerability or a misconfiguration in the environment to access the privileges needed.