Recent analysis of Microsoft vulnerabilities reveals a concerning trend: while the total number of disclosed vulnerabilities has remained relatively stable, the number of critical vulnerabilities has doubled year-over-year, indicating a shift in attacker strategies, according to Bleeping Computer.
The 2026 Microsoft Vulnerabilities Report highlights a significant increase in critical vulnerabilities, doubling from 78 to 157. This surge reverses a multi-year downward trend and suggests that attackers are focusing on stealthier methods. Elevation of Privilege vulnerabilities now account for 40% of all disclosed issues, alongside a 73% rise in Information Disclosure flaws.
This indicates a move away from noisy exploits towards methods that allow for quiet privilege escalation and lateral movement using legitimate credentials and Living Off the Land tactics. This trend is particularly alarming in cloud and business platforms like Microsoft Azure and Dynamics 365, where critical vulnerabilities jumped from 4 to 37.
Productivity software, specifically Microsoft Office, also saw a dramatic increase, with critical vulnerabilities rising tenfold. The report emphasizes that patch management alone is insufficient, and organizations must prioritize vulnerabilities that enable privilege escalation, identity abuse, and lateral movement, especially with the increasing use of AI agents and the need for robust AI security posture management. Source: Bleeping Computer
Kelley Damore is Chief Content Officer at CyberRisk Alliance, where she leads content strategy across the company’s digital brands, research, communities and live events serving CISOs and security practitioners. At CyberRisk Alliance, she is focused on delivering 365-day engagement, trusted journalism and actionable insights to help security leaders navigate an increasingly complex threat landscape.
Kelley Damore is Chief Content Officer at CyberRisk Alliance, where she leads content strategy across the company’s digital brands, research, communities and live events serving CISOs and security practitioners. At CyberRisk Alliance, she is focused on delivering 365-day engagement, trusted journalism and actionable insights to help security leaders navigate an increasingly complex threat landscape.
Registering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain access to the latest analysis shaping the global infosec agenda.
