Report: Windows had most security vulnerabilities of any Microsoft product last year

Elevation of privilege was the most frequently detected issue in Microsoft products, followed by remote code execution and information disclosure.
By Kat Jercich
June 11, 2021
03:35 PM

An Atlas VPN analysis published this week found that the number of vulnerabilities in Microsoft products reached 1,268 this past year.  

Windows, the product with the most security issues, had a total of 907 vulnerabilities – 132 of which were classified as critical.  

"These numbers are a massive problem because every Microsoft product has millions of users," said Ruth Cizynski, a cybersecurity researcher and author at Atlas VPN, in a statement accompanying her findings.  

WHY IT MATTERS  

Cizynski, who based her analysis on a BeyondTrust report from earlier this year, noted that elevation of privilege was the most frequently detected issue in Microsoft products, making up nearly half of vulnerabilities in 2020.   

"Such vulnerabilities allow malicious actors to gain higher-level permissions on a system or network. The attacker can then use these privileges to steal confidential data, run administrative commands, or install malware," Cizynski wrote.   

Remote code execution was the second most prevalent vulnerability, allowing bad actors to execute any code of their choice on a victim's device.  

Information disclosure, which takes place when an app unintentionally reveals sensitive data to unauthorized parties, made up 14% of all vulnerabilities in 2020.  

As far as products go, Windows had the most vulnerabilities, with Windows Server having the largest number of critical issues.  

Other Microsoft products, including Edge, Internet Explorer and Office, were also found to have vulnerabilities.  

THE LARGER TREND  

Cybersecurity has taken a major turn in the spotlight this year, with high-profile attacks on major industries (including healthcare networks) emphasizing the importance of robust software protection.

In April, the U.S. Department of Justice announced that the FBI had successfully removed malicious scripts from hundreds of vulnerable computers after a hacking group exploited vulnerabilities in Microsoft Exchange servers.   

And just this week, U.S. Secretary of Commerce Gina Raimondo said President Joe Biden's administration could consider military action in response to ransomware attacks.  

"We are considering all of our options," said Raimondo. "We are not taking anything off the table as we think about possible repercussions, consequences or retaliation."

ON THE RECORD  

"It is important that consumers update their software applications on time," noted Cizynski.  

"Software updates can include security patches that can fix vulnerabilities and save users from getting hacked," she said.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.
