US Senator Attacks Microsoft Over SolarWinds Hack

US Senator Wyden Microsoft

While the tech companies paint the picture of an extremely perfidious and capable attacker in the SolarWinds hack, official investigations come to slightly different results. Microsoft in particular is being criticized.

The Redmond corporation is not to blame for the massive attack but favoured it with its negligence. At least these are the results of the first investigations that the Senate Intelligence Committee carried out into the consequences of the attack on a number of US authorities. Nine federal agencies in the United States were affected by the attack.

Senator Ron Wyden, who chairs the committee, expelled, according to a report from ITNews Among other things, a vulnerability with which attackers can extend their rights in Microsoft’s cloud services. An exploit against this vulnerability was also part of the arsenal that was used in the SolarWinds hack. Security researchers first pointed out the loophole in question in 2017, but it was not eliminated or not resolved consistently enough. And users were not adequately informed about the problem either so that they might have taken their own protective measures.

Microsoft is writhing

“The federal government spends billions on Microsoft software,” said Wyden in the run-up to a parliamentary hearing on the SolarWinds incident that is to take place today. Before it is clear why the company did not warn of the problem that it has known for years, from his point of view one should first stop shopping there.

Read More: Windows 10 Update Removes Touch Keyboard Due To Bugs

Microsoft representatives rejected the accusations from Wyden, however. In a written statement, they excuse themselves from the fact that the form of attack known as the “Golden SAML” had never been observed in the wild before. And neither the private sector nor the state security community saw the vulnerability as a particular risk. Whether that is enough to justify years of doing nothing seems questionable. In addition, Microsoft admitted that it had not taken any additional protective measures in order to be able to perhaps better recognize the misuse of access rights.

Leave a Reply

Your email address will not be published. Required fields are marked *