Microsoft Vulnerabilities Report 2022

The Annual Microsoft Vulnerabilities Report is Here

The ninth annual Microsoft Vulnerabilities Report returns to provide a digestible analysis of the current Microsoft vulnerabilities landscape — even after recent changes in vulnerability reporting.

Two years ago, Microsoft announced changes to their Microsoft Security Update Guide, and a switch to the industry-standard Common Vulnerability Scoring System (CVSS). While the new reporting system brings benefits, it also creates some visibility challenges.

As with prior versions, this year’s Microsoft Vulnerability report is designed to help you better understand and address risks within the Microsoft ecosystem.

Download report now

Key Findings:

1,212 reported vulnerabilities in total — 5% lower than last year.
For the second year in a row, Elevation of Privilege was the #1 vulnerability category.
47% decrease in Critical vulnerabilities year/year — the lowest number since this report began.
349 new vulnerabilities in IE & Edge — almost 4x the prior year total, and a new record.

Read the full report for a deeper dive into these findings. You’ll also gain prescriptive advice for effectively addressing vulnerabilities, alongside access to the expert commentary of noteworthy industry leaders.

Topics Covered in the Report Include:

Vulnerabilities by Category

Find out how vulnerability categories, including Elevation of Privilege, Denial of Service, Remote Code Execution, and more have trended over the last decade, which categories are the most prominent today, and why.

Vulnerabilities by Product

Discover the latest reported vulnerabilities for products including, Internet Explorer, Edge, Windows, Microsoft Office, Windows Server, and Azure.

Highest Impact Vulnerabilities

Review how the most significant vulnerabilities – measured at a CVSS score of 9.0+ – have impacted deployments of Microsoft Exchange Server, Windows DNS, and more.

Expert Opinions and Advice

Hear from notable industry figures such as Sami Laiho, Senior Technical Fellow, MVP; Russell Smith, Editorial Director, Petri IT Knowledgebase; and Paula Januszkiewicz, Security Expert & Penetration Tester. Plus, BeyondTrust’s security leaders Morey Haber, Chief Security Officer, and James Maude, Lead Cyber Security Researcher offer insight.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.