aidarrow-end-inversearrow-endWhy choose AvectoAchieve complianceOperational efficiencycompliancedefendpoint-coloureddefendpoint-thin-2DesktopScaleResources.iconsAsset 21insider-threatsavecto-logo-smallquotation-marksransomwareResources.iconsResources.iconsResources.iconsResources.iconsResources.iconsResources.iconssafePrevent attacksAsset 19social-engineeringTrustedtriangleStop insider attacksAsset 20Resources.iconsResources.iconszero-days

Download the report


Compiled by Avecto, this report analyzes the data from security bulletins issued by Microsoft throughout 2015. Microsoft bulletins are typically issued on the second Tuesday of each month, a date commonly referred to as "Patch Tuesday", and contain fixes for vulnerabilities affecting Microsoft products that have been discovered since the last bulletin's release. Network administrators, Security Managers and IT Professionals then respond to the update as quickly as they are able, ensuring the patches are rolled out across their systems to protect against the known vulnerabilities.

In 2015, it was widely reported that Microsoft's Patch Tuesday approach would change for all Windows 10 devices, with an approach of patches being released as soon as they are available. This effectively increases response time by as much as a month, cutting down the time between a vulnerability being discovered (Zero Day) and the patch being rolled and applied.

The 2015 Microsoft Vulnerabilities Report is the third iteration of Avecto's research. In 2014, the same report found a total of 240 vulnerabilities with a Critical rating. This year's report reveals 251 Critical vulnerabilities; an increase of around 5% year on year and 71% increase on the 2013 study.

The overall number of vulnerabilities has risen significantly in this period, from 345 to 524, representing an annual increase of 52%.

The report finds that the risk associated with 85% of Critical vulnerabilities could be mitigated by removing admin rights.

Download the full report

The 2015 Microsoft vulnerabilities report takes an in-depth look at the vulnerabilities affecting Internet Explorer, Windows, Office, Windows Server and more - highlighting the clear case for admin rights removal in the enterprise as part of a proactive approach to endpoint security.