Critical Microsoft vulnerabilities surge as total flaw prevalence declines

A BeyondTrust report found a twofold increase in critical flaws in Microsoft software despite a 6% drop in total vulnerabilities to 1,273 this year, indicating that fewer but more severe security issues are being discovered, reports HackRead.

Microsoft Office vulnerabilities tripled to 157, the number of significant issues in the suite increased tenfold, and tools used for routine business operations experienced the most alarming increase, according to the identity security firm's 13th annual Microsoft Vulnerabilities Report. A lot of these vulnerabilities take advantage of the preview window, which automatically renders material. This vector is being used by attackers to run malicious code as soon as a user highlights an attachment, requiring no other interaction. In 2025, there were 780 Windows Server vulnerabilities, 50 of which were deemed critical. Microsoft's cloud services, Azure and Dynamics 365, had nine times more significant defects despite having fewer overall bugs.

"This is a warning that risk is not decreasing, it is concentrating, and it is concentrating around privilege," said BeyondTrust Field Chief Technology Officer James Maude.