Can Microsoft Security Copilot provide better cybersecurity insights and fix vulnerabilities?

  • The total number of Microsoft vulnerabilities reached 1,292, setting a new record in the BeyondTrust report’s 10-year history.
  • However, Microsoft’s Security Copilot, powered by OpenAI’s GPT-4, may not get everything right.

Microsoft has undergone significant changes over the past decade. In 2013, the company’s market capitalization stood at US$314 billion, which increased to US$1.79 trillion by 2022. The most notable acquisition in 2013 was Nokia for US$7.2 billion, while the largest acquisition in 2022 was Activision, setting a gaming industry record of US$70 billion and becoming Microsoft’s largest acquisition ever. Despite Microsoft’s advancements and the recent introduction of Microsoft Copilot, what hasn’t changed? Vulnerabilities.

BeyondTrust, a leader in intelligent identity and access security, unveiled the 2023 Microsoft Vulnerabilities Report. Celebrating its 10th anniversary, the report offers insights into the Microsoft vulnerability landscape. The report analyzes 2022 Microsoft vulnerabilities, emphasizing trends and prominent CVEs while detailing attacker exploitation methods and suggesting prevention or mitigation strategies.

Understanding Microsoft’s critical vulnerabilities

Let’s explore Microsoft’s critical vulnerabilities. Their impact is measured by effects on confidentiality, integrity, and availability of data. Critical vulnerabilities have attributes that could lead to high-impact security incidents if exploited.

Microsoft’s severity ratings are separate from assessing exploitation likelihood, which is generally more fluid. The report highlights notable 2022 CVEs and explains exploitation methods and preventive measures.

According to the report, Microsoft organizes vulnerabilities into categories: Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Tampering, Information Disclosure, Denial of Service, and Spoofing. Elevation of Privilege remained the most prevalent category in 2022.

Highlights from the report showed that in 2022, the total number of Microsoft vulnerabilities reached 1,292, marking the highest figure since the report’s inception a decade ago. Not only is the growing quantity of vulnerabilities concerning, but the distinct risks and impacts associated with each individual vulnerability are a threat, too.

Findings also showed that, for the third year in a row, Elevation of Privilege continues to be the leading vulnerability category, accounting for 55% (715) of the total Microsoft vulnerabilities in 2022. Microsoft Azure and Dynamics 365 account for the company’s most significant financial and vulnerability growth. In 2022, 6.9% of Microsoft vulnerabilities were also deemed ‘critical,’ while in 2013, 44% were categorized as ‘critical.’

Over the last decade, Microsoft vulnerabilities have risen in every category, with a 650% surge in Elevation of Privilege vulnerabilities. The overall increase in vulnerabilities has been driven by new Microsoft products, particularly Azure and Dynamics 365, which saw a 159% rise in vulnerabilities in the past year alone—primarily attributed to one product, Azure Site Recovery Suite.

Is Microsoft Security Copilot the answer to the vulnerabilities conundrum?

Microsoft recently introduced a new era of security powered by OpenAI’s GPT-4 generative AI — the Microsoft Security Copilot. This groundbreaking security product enables defenders to operate at the speed and scale of AI.

Security Copilot merges the advanced large language model (LLM) with a security-specific model developed by Microsoft, which integrates an expanding set of security skills, Microsoft’s exclusive global threat intelligence, and over 65 trillion daily signals. Operating on Azure’s hyperscale infrastructure, Security Copilot delivers a security and privacy-compliant experience suitable for enterprise-grade requirements.

Can Microsoft Copilot improve vulnerabilities?

Microsoft Security Copilot (Source – Microsoft)

What makes Microsoft Copilot interesting is its ability to continually learn and improve, which helps ensure that security teams are operating with the latest knowledge of attackers and their tactics, techniques and procedures. The product will provide ongoing access to the most advanced OpenAI models to support demanding security tasks and applications. Its visibility into threats is powered by both the customer organization’s security data and Microsoft’s vast threat analysis footprint. Organizations that do not have large security teams and face a shortage in the field can make the most of this.

Interestingly, Vasu Jakkal, Corporate Vice President of Security, Compliance, Identity, and Management at Microsoft, acknowledged in a blog post that Security Copilot doesn’t always get everything right. AI-generated content may contain errors. However, Security Copilot is a closed-loop learning system that continuously learns from users and allows them to provide explicit feedback through a built-in feature. By learning from these interactions, Microsoft refines the system’s responses to generate more coherent, relevant, and helpful answers.

She highlights unrivaled security capabilities with Security Copilot, enhancing defenders’ agility by merging leading security technologies and AI advancements. Working with Security Copilot provides organizations access to:

  • Advanced OpenAI models for demanding security tasks;
  • A security-specific model with continuous learning and user feedback;
  • Visibility and up-to-date threat intelligence from 65 trillion daily signals;
  • Seamless integration with Microsoft’s comprehensive security portfolio;
  • A growing list of exclusive skills and prompts to enhance security teams’ expertise.

As Jakkal mentioned in her blog, while Security Copilot shows great promise in enhancing Microsoft’s vulnerability management, it is unlikely to resolve the issue completely. As a closed-loop learning system, Security Copilot constantly improves based on user feedback, which is a significant advantage. It aids defenders in detecting hidden malicious activities and provides real-time threat insights and security analyst expertise. However, since AI-generated content may contain errors, Security Copilot’s accuracy may not always be guaranteed.

Therefore, it is essential to continue refining the system and not solely rely on it to address all of Microsoft’s vulnerability concerns.