Inside Microsoft’s security threat landscape (and how you can protect your company)

by | Oct 28, 2022 | Technology

Register now for your free virtual pass to the Low-Code/No-Code Summit this November 9. Hear from executives from Service Now, Credit Karma, Stitch Fix, Appian, and more. Learn more.

Throughout the past few years, Microsoft has faced a slew of negative news over a series of vulnerabilities and hacks. So, it’s no wonder that vulnerabilities in Microsoft products are an attractive attack vector. According to a report from the Cybersecurity and Infrastructure Security Agency (CISA), Microsoft systems has had 238 cybersecurity deficiencies reported since the beginning of 2022, which is 30% of all vulnerabilities discovered so far this year. 

In 2021, major agencies like the National Security Agency (NSA), FBI, CISA and CIA detailed the 15 most common vulnerabilities and exposures (CVEs) exploited by hackers. Of those, 60% (nine) were due to deficiencies in Microsoft’s designed, operated and owned systems, including seven CVEs within Microsoft’s Exchange Server.

This is even more alarming when you consider that Microsoft holds a dominant share (85%) of U.S. government workplace procurement and IT systems, essentially putting the entire government at risk of a hack. 

Microsoft made headlines again in late 2021, when it warned customers that the Azure cloud platform had configuration errors in a component which, enabled by default, had exposed data for the past two years. As a result, thousands of customers that rely on the Azure Cosmos DB — including household names like Exxon and Coca-Cola, were exposed to the possibility that an attacker could read, write or delete data without authorization.

Event
Low-Code/No-Code Summit
Join today’s leading executives at the Low-Code/No-Code Summit virtually on November 9. Register for your free pass today.

Register Here

Threat actors exploited multiple yet-to-be-disclosed Microsoft flaws and zero-day bugs, allowing attacks to be executed remotely, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported that attackers were chaining the pair of zero-days to deploy Chinese Chopper web shells on compromised servers for persistence and data theft. 

Due to the constant hacks and vulnerabilities discovered within Microsoft’s product ecosystem, …

Article Attribution | Read More at Article Source

Share This