James Maude shares critical insights into vulnerabilities plaguing the Microsoft ecosystem

Windows' Print Spooler service has long been a source of vulnerabilities


Threats and vulnerabilities go hand in hand with technological advancements. Even as companies continue to ramp up their security infrastructure, threat actors keep finding ways to exploit existing vulnerabilities, especially in the Microsoft ecosystem.

Recently, in an interview with Edge Middle East, James Maude, Field CTO at BeyondTrust, discussed the changing trends in the landscape, expressed concern about the relative stability in critical vulnerabilities, talked about the role of Microsoft, and highlighted how some third-party vendors are unwilling to engage with security researchers, let alone make amends.

When asked about the key findings pertaining to Microsoft’s vulnerabilities, Maude said,

One of the most notable findings is the plateau in critical vulnerabilities. These used to constitute nearly 50% of all vulnerabilities reported by Microsoft each year. Over the past few years, however, this number has stabilised around 100, with recent figures showing 104, 89, and 84 critical vulnerabilities, respectively.

But he didn’t shy away from acknowledging that Microsoft needs to put in more concerted efforts for us to witness a gradual decline in critical vulnerabilities, because, at present, the numbers have largely been stable.

The lack of a significant decrease suggests that these measures are not as effective as they could be. This plateau indicates that more must be done to address and mitigate vulnerabilities proactively for a company as significant and influential as Microsoft, which dominates much of the IT landscape.

When asked why the stability in critical vulnerabilities should be a concern, James Maude explained that with Microsoft’s expansion in cloud services and the release of new, more secure products, expectations were high that the number of vulnerabilities would decline. But that hasn’t been the case, because the existing vulnerabilities have not yet been completely patched!

Maude then shed light on why patching vulnerabilities in legacy products turns out to be a challenge, even for tech giants like Microsoft.

The Print Spooler service, for instance, has been a constant source of vulnerabilities year after year. Despite focused efforts, it has taken years to stem the tide of new vulnerabilities in the Print Spooler. This indicates the broader difficulties in managing and securing legacy systems, which often contain old, complex, and sometimes poorly documented code that can be difficult to update and secure without introducing new issues.

Maude also blamed third-party vendors for this concerning trend, because not all of them tackle such situations with the same energy.

Some companies lack responsible disclosure programs or are unwilling to work with security researchers. For instance, some vendors do not entertain reports of vulnerabilities unless they come from paying customers, while others might issue legal threats to researchers reporting vulnerabilities.

When asked about the future trends in the security landscape, Maude called for increased focus on identity security.

One of the significant trends we’re seeing is a shift towards identity security. With more data moving to the cloud, attackers find it easier to capture user credentials than to exploit endpoint vulnerabilities. This shift necessitates a focus on identity and privilege access management. This trend highlights the need for robust security measures and a holistic approach to managing and securing identities.

Finally, while sharing his views on the role played by generative AI in the vulnerability landscape, Maude explained that it’s both good and bad for the industry. For instance, using generative AI to develop code often introduces vulnerabilities, which, if not detected, can cause significant damage at a later stage.

He also mentioned how threat actors leverage AI to detect and exploit vulnerabilities. That’s evident, as we have all seen a rise in AI-powered cyberattacks!

On the bright side, security analysts can also deploy AI-based tools to augment the security infrastructure. Microsoft, for its part, is using AI to tackle cyberattacks.

It’s an insightful interview that helped me gain an understanding of what goes on behind the curtains when it comes to vulnerabilities in the Microsoft ecosystem and how we could improve the overall landscape!
