
Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation

Why This Matters

The surge in critical vulnerabilities within Microsoft products, especially those enabling privilege escalation and information disclosure, points to a growing threat landscape that could lead to more sophisticated and stealthy cyberattacks. This trend underscores the need for organizations to prioritize security controls around identity, access management, and cloud platforms to mitigate potential breaches. As cloud services become central to business operations, addressing these vulnerabilities is vital for safeguarding enterprise data and maintaining trust.

Key Takeaways

Authored by: Morey J. Haber, Chief Security Advisor, BeyondTrust, and James Maude, Field Chief Technology Officer, BeyondTrust

As analyzed in the 2026 Microsoft Vulnerabilities Report, Microsoft disclosed 1,273 vulnerabilities in 2025, which represents a dip from 1,360 the prior year. The good news seems to be that total Microsoft vulnerabilities have remained in a stable range from 2020 – 2026.

But those numbers are the wrong ones to watch. Critical vulnerabilities doubled year-over-year, surging from 78 to 157, reversing a multi-year downward trend.

Stability in total vulnerability volume conceals instability in impact, and that is where organizations should focus their attention.

The most important clue in this data is not how many vulnerabilities were disclosed, but where they are concentrated and what they enable threat actors to potentially compromise.

Where the Risk Is Concentrating

The dominance of Elevation of Privilege vulnerabilities (accounting for 40% of all CVEs), combined with a 73% rise in Information Disclosure flaws, tells us attackers are prioritizing stealth and reconnaissance over noisy exploits.

Privilege is where vulnerabilities become breaches. Threat actors no longer need noisy exploits or mass malware campaigns if they can quietly escalate access and move laterally using legitimate credentials and Living Off the Land tactics.

This trend aligns with real-world breach patterns, where initial access is often mundane, but impact is amplified through excessive privilege, misconfigurations, and weak identity controls.

Nowhere is this more concerning than in cloud and business platforms. Microsoft Azure and Dynamics 365 decreased slightly in total vulnerability count, but critical vulnerabilities spiked dramatically, jumping from 4 to 37 in a single year.
