Microsoft has been enhancing the security of its products with each passing year, and statistics show that the bulletin count dropped in 2014. Now this is an improvement everyone can get behind.
The drop is an indication that Redmond had fewer products to patch this year.
Wolfgang Kandek, CTO of Qualys, revealed a list showing that the software titan published a total of 85 bulletins for its software solutions this year, down from 106 in 2013 and 100 in 2011. Good going, all round.
Obviously, the bulletin count does not reflect the number of vulnerabilities that have been unearthed in Microsoft software, as a single bulletin often fixes more than one flaw at once.
But it does point to an increased focus on security from the company, and that’s always good.
In terms of individual software, while Internet Explorer has really improved in terms of security, it still led the charts. The number of CVEs in the browser increased in 2014, with a record reached in June.
As Kandek explained:
“We saw Internet Explorer under intense scrutiny by security researchers leading to a large number of addressed CVEs, an effect which has only recently slowed down with Microsoft’s changes to the memory allocation process in IE.”
Although in-depth, detailed statistics are not provided, remote code execution flaws remain a critical threat. In most cases these allow attackers who successfully exploit Microsoft software to gain the same privileges as the logged-in user.
Let’s just hope for even smoother sailing next year.