Inside Microsoft's Security Threat Landscape (and How You Can Protect Your Business)

Over the past few years, Microsoft has faced a slew of negative news regarding a range of vulnerabilities and hacks. It's no wonder, then, that vulnerabilities in Microsoft products are an attractive attack vector. According to a Cybersecurity and Infrastructure Security Agency (CISA) report, Microsoft systems have reported 238 cybersecurity breaches since the start of 2022, or 30% of all vulnerabilities discovered so far this year.

In 2021, major agencies such as the National Security Agency (NSA), FBI, CISA, and CIA detailed the 15 most common vulnerabilities and exposures (CVEs) exploited by hackers. Of these, 60% (nine) were due to failures in systems designed, operated and owned by Microsoft, including seven CVEs within Microsoft's Exchange Server.

This is even more alarming when you consider that Microsoft owns a dominant share (85%) of U.S. government workplace IT purchases and systems, essentially exposing the entire government to a risk of hacking.

Microsoft made headlines again in late 2021 when it warned customers that the Azure cloud platform had a misconfigured component that, enabled by default, had exposed data over the past two years. As a result, thousands of customers who rely on Azure Cosmos DB, including household names like Exxon and Coca-Cola, were exposed to the possibility that an attacker could read, write, or delete data without permission.

Threat actors have exploited multiple Microsoft flaws and as-yet-undisclosed zero-day bugs, allowing attacks to be executed remotely, according to claims by security researchers from Vietnam's GTSC cybersecurity team, who first spotted and reported that attackers were chaining the pair of zero-days to deploy China Chopper web shells on compromised servers for persistence and data theft.

Due to constant hacks and vulnerabilities being discovered in Microsoft's product ecosystem, other contemporaries, such as Google, are now expected to overtake the security innovation space. Recently, at its Cloud Next '22 event, Google announced a rapid vulnerability detection service. The tool is a zero-configuration service of Security Command Center Premium that detects vulnerabilities such as exposed administrative interfaces, weak credentials, and incomplete software installations.

As a household name and tech giant, what is missing from Microsoft's cybersecurity practices? And what does the future of these threats look like?

The Great Vulnerability Shark

Over the past 15 years, Microsoft has made strides in hardening the Windows kernel, the heart of the operating system (OS), which hackers must effectively take over to control a machine. Introducing strict new limits on loading system drivers that could run in kernel mode was the cornerstone of this development...
