Groowe Groowe BETA / Newsroom
⏱ News is delayed by 15 minutes. Sign in for real-time access. Sign in

BeyondTrust’s 13th Annual Microsoft Vulnerabilities Report Reveals Drop in Total Volume, But Surge in Critical Risk

globenewswire.com
MSFT The report highlights a surge in critical vulnerabilities for Microsoft's Azure and Dynamics 365 platforms, indicating increasing risk and exploitability despite a potential stabilization in total vulnerability volume. This suggests a concentration of risk around privilege escalation.

BeyondTrust’s 13th Annual Microsoft Vulnerabilities Report Reveals Drop in Total Volume, But Surge in Critical Risk ATLANTA, April 21, 2026 (GLOBE NEWSWIRE) -- BeyondTrust, the global leader in privilege-centric identity security protecting Paths to Privilege™, today released the 13th edition of its annual Microsoft Vulnerabilities Report, revealing a critical shift in the vulnerability landscape: while total vulnerability volume appears to be stabilizing, critical vulnerabilities have surged, indicating that severity and exploitability of vulnerabilities are rapidly increasing.

The report, which provides an in-depth analysis of data from publicly issued Microsoft security bulletins published throughout 2025, highlights a shifting risk profile driven by AI-accelerated vulnerability discovery, expanding cloud adoption, and increasingly sophisticated attacker strategies targeting identity and privilege.

“Don't be distracted by the dip in total vulnerabilities. Critical vulnerabilities doubled. This is a warning that risk is not decreasing, it is concentrating, and it is concentrating around privilege. Elevation of Privilege made up 40% of all vulnerabilities again this year because that is exactly what attackers need to reach critical systems,” said James Maude, Field CTO at BeyondTrust.

“A ninefold increase in Azure and Dynamics 365 critical vulnerabilities shows where that concentration is happening. Combined with the rising tide of identity compromise attacks that exploit standing privilege, patching alone will not close this gap. The organizations that weather this are the ones treating every vulnerability and identity, human or machine, as a potential path to privilege in their most critical systems, and shrinking those paths before an attacker reaches them.”

Key Highlights from the Report: A Surface-Level Decline Masks a Deeper Shift in Risk

At first glance, this decline suggests improvement, potentially reflecting that Microsoft’s continued investment in security is maintaining control, despite a rapidly expanding attack surface. However, it may also indicate that traditional vulnerability tracking is no longer capturing the full picture, particularly as AI-driven systems, non-human identities (NHIs), and complex cloud architectures introduce risks that don’t always map cleanly to CVEs.

At the same time:

Cloud and Enterprise Platforms Drive Critical Risk Expansion

The report found sharp increases in critical vulnerabilities across key Microsoft platforms that had previously seen declining vulnerability activity:

While critical risk surged across cloud and enterprise platforms, other areas showed signs of improvement:

Security Takeaways:

Key Priorities for Organizations:

Download the full 2026 Microsoft Vulnerabilities Report here: https://www.beyondtrust.com/resources/whitepapers/microsoft-vulnerability-report

About the Report

The BeyondTrust Microsoft Vulnerabilities Report is based on publicly disclosed vulnerabilities from Microsoft security bulletins and provides a comprehensive analysis of trends across operating systems, cloud platforms, and enterprise applications.

Now in its 13th year, the report serves as a trusted resource for security professionals, providing valuable information about vulnerability trends and the evolving threat landscape to help organizations understand, identify, and address the risks within their Microsoft ecosystems and beyond.

About BeyondTrust

BeyondTrust is the global leader in privilege-centric identity security protecting Paths to Privilege™. Identity alone doesn’t create risk. Privilege does. As human, non-human, and AI agent identities explode across every environment, BeyondTrust is the only company built to discover, control, and secure privilege across all of them from a single platform. Trusted by 20,000 customers, including 75 of the Fortune 100, and recognized as a multi-category leader by Gartner, Forrester, and KuppingerCole, BeyondTrust turns identity security from a management problem into a strategic advantage.

Learn more at www.beyondtrust.com.

Follow BeyondTrust:

X: https://twitter.com/beyondtrust

Blog: https://www.beyondtrust.com/blog

LinkedIn: https://www.linkedin.com/company/beyondtrust

Facebook: https://www.facebook.com/beyondtrust

For BeyondTrust:

BeyondTrust Public Relations

P: (516)-521-5582

E: BeyondTrust@icrinc.com