It was a record-breaking year for Microsoft in 2024 -- but not in the way you'd think.
BeyondTrust's 12th annual Microsoft Vulnerabilities Report, released today, found that despite ongoing security improvements, attackers continue to exploit key weaknesses, particularly those related to privilege escalation and remote code execution. That led to a total of 1,360 Microsoft vulnerabilities reported in 2024, an all-time high and an 11% increase over the previous record of 1,292 in 2022.
The report analyzes data from security bulletins publicly issued by Microsoft throughout the previous year.
While total vulnerabilities increased, the good news is that critical vulnerabilities dropped to an all-time low of 78 in 2024, compared to 84 in 2023 and a whopping 196 back in 2020. Microsoft Office experienced 62 vulnerabilities in 2024, almost double the 2023 figure, and Security Feature Bypass vulnerabilities have tripled since 2020, from 30 to 90, signaling that attackers are going after legacy security controls. Check out more about the report here.
As always, drop me a line at sharon.florentine@cyberriskalliance.com if you have news to share or want to say hi!
Grab your coffee. Here's what you need to know today.
Today’s Tech, Channel and MSP News
1. Sherweb adds DefensX to marketplace: MSP cloud marketplace Sherweb is now making DefensX available to its MSP customers. DefensX secures users’ browsers and helps MSPs identify and block access to malicious domains. DefensX includes identity protection, data loss prevention, human risk intelligence and credential protection, among other capabilities, the companies said.
2. Cato Networks adds AI security controls for CASB: SASE provider Cato Networks has introduced new generative AI security controls for Cato CASB to help security and IT leaders manage shadow AI. Cato CASB is a native feature in the Cato SASE Cloud Platform, with new capabilities for GenAI applications including a shadow AI dashboard and policy engine. With the shadow AI dashboard, enterprises can detect, analyze, and gain insights into the use of GenAI. With the policy engine, enterprises can take control of user activities in GenAI applications.
3. Prowler teams up with InstaSecure for cloud security: Open source, multi-cloud security platform Prowler has announced a partnership with InstaSecure, the companies said. The partnership combines Prowler’s insights with InstaSecure’s rapid remediation engine to identify vulnerabilities across AWS, Azure, GCP, and Kubernetes. It also organizes and remediates them at scale using industry-standard guardrails.
4. Symantec introduces incident prediction: Symantec by Broadcom introduced today its Incident Prediction capability, which the company said can accurately predict an attacker’s next four or five moves with up to 100% confidence. The solution is part of Symantec Endpoint Security Complete (SES-C), which uses AI to predict, disrupt, and recover from cybersecurity incidents, including living-off-the-land (LOTL) attacks.
5. TeKnowledge unveils new branding, services: MSP TeKnowledge has announced a new brand identity and the launch of its AI-First Expert Technology Services, an integrated model for helping customers accelerate transformation across AI, customer experience, and cybersecurity. TeKnowledge is launching a unified technology service model that combines strategy, delivery, and continuous improvement—strategically rooted in expertise and AI.