Inside Microsoft’s security threat landscape (and how you can protect your company)

Throughout the past few years, Microsoft has faced a slew of negative news over a series of vulnerabilities and hacks. So, it’s no wonder that vulnerabilities in Microsoft products are an attractive attack vector. According to a report from the Cybersecurity and Infrastructure Security Agency (CISA), Microsoft systems has had 238 cybersecurity deficiencies reported since the beginning of 2022, which is 30% of all vulnerabilities discovered so far this year. 

In 2021, major agencies like the National Security Agency (NSA), FBI, CISA and CIA detailed the 15 most common vulnerabilities and exposures (CVEs) exploited by hackers. Of those, 60% (nine) were due to deficiencies in Microsoft’s designed, operated and owned systems, including seven CVEs within Microsoft’s Exchange Server.

This is even more alarming when you consider that Microsoft holds a dominant share (85%) of U.S. government workplace procurement and IT systems, essentially putting the entire government at risk of a hack. 

Microsoft made headlines again in late 2021, when it warned customers that the Azure cloud platform had configuration errors in a component which, enabled by default, had exposed data for the past two years. As a result, thousands of customers that rely on the Azure Cosmos DB — including household names like Exxon and Coca-Cola, were exposed to the possibility that an attacker could read, write or delete data without authorization.

Threat actors exploited multiple yet-to-be-disclosed Microsoft flaws and zero-day bugs, allowing attacks to be executed remotely, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported…