In record year for vulnerabilities, Microsoft actually had fewer

Despite a record number of publicly disclosed security flaws in 2021, Microsoft managed to improve its stats, according to research from BeyondTrust. Figures from the National Vulnerability Database (NVD) of the US National Institute of Standards and Technology (NIST) show last year broke all records for security …

  1. Mike 137 Silver badge

    Root causes?

    "Topping the table with 326 and 588 vulnerabilities respectively were Remote Code Execution and Elevation of Privilege flaws"

    Ah, but how did they get in to start with before executing remote code or raising privileges? This is the $64,000 question that nobody seems to write reports about. Although this report does provide a few examples, it's about time someone did a detailed breakdown, as it might lead us towards some quite simple ways to render systems more robust against a wide range of attacks.

    1. Ramis101

      Re: Root causes?

      It usually starts with a Post-it note on the monitor.......

      1. HildyJ Silver badge

        Re: Root causes?

        It usually starts with a user doing something they shouldn't, often with privileges they shouldn't have.

    2. Clausewitz4.0

      Re: Root causes?

      They get in, usually, via other vulnerabilities or already compromised systems.

    3. Richard 12 Silver badge

      Re: Root causes?

      The elevation starts with nuffink to local user, for example via remote code execution vulnerabilities in some web-connected service or application.

    4. LDS Silver badge

      "how did they get in to start with"

      The R in RCE is a hint....

  2. FlamingDeath Silver badge

    Yeah but how many power stations does it need to power the onslaught of Windows updates, you know the ones, the ones that say “this will only take a minute”?

    You return the following day and it's still “updating”, actually it's stuck in a fucking loop

    Much like Microsoft, stuck in a loop of backslapping themselves for job “well done”

  3. Anonymous Coward

    Consumer PCs still default to just an admin account don't they? Sorry haven't touched a Windows PC for a long while.

    1. AndrueC Silver badge

      But by and large the consumers don't want the hassle of a secure system. It's probably one of the bigger reasons why we still haven't reached (nor got close to) 'The year of Linux on the desktop'.

      Consumers want the easy life. To most of them a computer should be an invisible assistant that gives them access to the world. They have no interest in the computer itself and don't wish to get involved with it. Windows does a better job in that respect than Linux. Sure it does so by exposing the users to various technical risks but they don't care. That's human nature - live for the moment and ignore the future.

      Build it right or build it to sell.

  4. Anonymous Coward

    So their stats go down?

    Look at Microsoft's history, this merely indicates that a new version is due :)

