Google, Microsoft Amassed the Most Vulnerabilities in H1 2021

Research revealed that tech giants Google and Microsoft accumulated the most vulnerabilities in the first half of 2021, leaving them open to potential cyberattacks.

By Jill McKeon

Google and Microsoft amassed the most vulnerabilities compared to other major tech companies in the first half of 2021, research from Atlas VPN revealed. During the first half of 2021, Google accumulated 547 registered vulnerabilities. Microsoft followed close behind at 432.

Both Microsoft and Google maintain a vast suite of services, making them prime targets for cyberattacks. It also means that vulnerabilities are more common and can be more detrimental if left unchecked.

Google Chrome has more than 3 billion users, making it a lucrative opportunity for hackers. With more users come more vulnerabilities and more potential cyberattack victims.

Bad actors also took advantage of Microsoft Exchange Server vulnerabilities and deployed ransomware, while other attackers planted cryptocurrency miners from the post-exploit web shells.

“Cybercriminals are constantly attempting to exploit vulnerabilities that affect as many people as possible to maximize their profit opportunities,” the research pointed out.

“While companies rush to fix flaws in their software with updates, users who forget to install the newest version can become prime targets for cyberattacks.”

Oracle racked up 316 vulnerabilities in the first half of the year, usually found in Oracle WebLogic Server. Attackers exploited the vulnerabilities and gained access to the system. Cisco amassed 200 vulnerabilities, and SAP followed behind at 118.

IBM, Apple, Jenkins, Linux, and Aruba all had under 100 vulnerabilities each.

The growing number of vulnerabilities among major technology companies is a legitimate cause for concern. Google, Microsoft, and their competitors have a strong presence across numerous industries, including healthcare.

A Microsoft Power Apps vulnerability discovered by an independent cybersecurity firm recently exposed 38 million records containing personally identifiable information (PII). The breach was attributed to a design flaw in which users who did not enable certain permissions became susceptible to PII exposure.

The breach exposed COVID-19 vaccination records in one Texas county, and struck American Airlines, Ford, the state of Indiana, and the Maryland Department of Health, among others.

Not all vulnerabilities are equally dangerous. Atlas VPN analyzed data from the National Vulnerability Database (NVD), which ranked the vulnerabilities by risk level. The tiers ranged from one to ten, with ten being a highly dangerous vulnerability that could enable hackers to exploit and completely take over a system, and one signifying minimal risk of exploitation.

In the first half of the year, researchers designated over 1,000 vulnerabilities at a tier 10 risk level. Over 900 were issued risk tier 9, and over 2,000 were rated at risk tier 8. Tier 7 consisted of 501 vulnerabilities, and tier 6 consisted of 1,765.

“Exploiting vulnerabilities in Google or Microsoft products allows cybercriminals to probe millions of systems,” the researchers concluded.

“While the tech giants are doing a fair job of keeping up with exploits and constantly update their software, people and organizations need to follow suit and keep up with the updates to prevent further exploitation.”