BeyondTrust revisits the key figures of its 2022 report on Microsoft vulnerabilities.
Each week, one figure from the report is commented on by cybersecurity expert Matthieu Jouzel, solutions engineer at BeyondTrust.
There are 349 vulnerabilities in IE and Edge, a record high, but only 6 critical vulnerabilities, which is also a record: the lowest on record.
“Three key factors are essentially responsible for the sharp increase in Edge vulnerabilities and the decrease in its critical vulnerabilities. The first is the consolidation of the browser market, now that Edge is moving to a Chromium base. With the downgrading of the Internet Explorer browser, cybercriminals are focusing on Edge and Chrome. The deprecation of often exploited plug-ins, such as Adobe Flash, is further accelerating this trend. Rather than targeting deprecated plug-ins, browsers are targeted. Second, Google has increased transparency in reporting vulnerabilities and now offers more attractive financial incentives for reporting them. In 2021, Google paid out nearly $3.1 million in rewards for bugs reported in Chrome vulnerability reports. And finally, the number of Microsoft critical vulnerabilities has decreased while the total number of vulnerabilities has increased sharply. This is due to improvements in the browser’s security architecture. Indeed, cybercriminals must chain several exploits to trick the browser and be able to execute the code on the underlying system. Previously, a single exploit could be enough to compromise a system. Now, you have to find several non-critical vulnerabilities in the hope of being able to chain them together to carry out an attack.”