The number of vulnerabilities reported in Microsoft products more than doubled, from 325 in 2013 to 685 in 2017, according to Avecto's Microsoft Vulnerabilities Report 2017. Moreover, a record 232 new Windows vulnerabilities were reported this year, taking the total number of Windows vulnerabilities to 587, a figure 132% higher than the one reported five years earlier. According to Avecto, the report was compiled by summarizing the Microsoft Security Update Guide.

Vulnerabilities are categorized by impact for each product they affect. The categories are: Remote Code Execution, Elevation of Privilege, Information Disclosure, Denial of Service, Security Feature Bypass, Spoofing and Tampering.

The product with the highest number of vulnerabilities was, unsurprisingly, Windows, where Critical vulnerabilities are up 46% since 2013. However, 79% of the 587 reported Windows vulnerabilities can be mitigated by removing admin rights.

Other Microsoft products accounting for a significant share of vulnerabilities were Microsoft Edge, Internet Explorer, Microsoft Office and Windows Server.

Key Findings:

  • Removing admin rights would mitigate 80% of all Critical Microsoft vulnerabilities in 2017.
  • The number of reported vulnerabilities has risen 111% over five years (2013-2017).
  • There has been a 54% increase in Critical Microsoft vulnerabilities since 2016 and 60% in five years (2013-2017).
  • 95% of Critical vulnerabilities in Microsoft browsers can be mitigated by removing administrator rights.
  • There has been an 89% increase in Microsoft Office vulnerabilities in the past five years.
  • Almost two thirds of all Critical vulnerabilities in Microsoft Office products are mitigated by removing admin rights.
  • Despite being widely regarded as the most secure Windows OS ever, Windows 10 vulnerabilities rose by 64% in 2017.
  • Removing admin rights would mitigate almost 80% of Critical vulnerabilities in Windows 10 in 2017.
  • Critical vulnerabilities in Microsoft Browsers are up 46% since 2013.
  • 88% of all Critical vulnerabilities reported by Microsoft over the last five years would have been mitigated by removing admin rights.