While the tech companies paint a picture of an extremely perfidious and capable attacker behind the SolarWinds hack, official investigations are reaching slightly different conclusions. Microsoft in particular is being criticized.
The Redmond corporation is not to blame for the massive attack, but it facilitated it through its negligence. At least, these are the results of the first investigations that the Senate Intelligence Committee carried out into the consequences of the attack on a number of US authorities. Nine federal agencies in the United States were affected by the attack.
According to a report from ITNews, Senator Ron Wyden, who chairs the committee, criticized, among other things, a vulnerability that attackers can use to escalate their privileges in Microsoft's cloud services. An exploit against this vulnerability was also part of the arsenal used in the SolarWinds hack. Security researchers first pointed out the flaw in question in 2017, but it was either not fixed or not fixed thoroughly enough. Users were not adequately informed about the problem either, so they could not take protective measures of their own.
Microsoft is writhing
“The federal government spends billions on Microsoft software,” said Wyden in the run-up to a parliamentary hearing on the SolarWinds incident that is to take place today. Until it is clear why the company did not warn of a problem it has known about for years, one should, in his view, stop buying from it.
Microsoft representatives, however, rejected Wyden's accusations. In a written statement, they defended themselves on the grounds that the form of attack known as “Golden SAML” had never been observed in the wild before, and that neither the private sector nor the state security community saw the vulnerability as a particular risk. Whether that is enough to justify years of doing nothing seems questionable. In addition, Microsoft admitted that it had not taken any additional protective measures that might have made it easier to detect the misuse of access rights.