Microsoft

Microsoft Condemned For Not Quickly Fixing The Security Issues

Microsoft is once again being criticized for its handling of the security of its platforms. A security researcher accuses the company of a “culture of toxic concealment” that can only be described as “grossly irresponsible”.

Comprehensive criticism

The stumbling block is the fact that information from the security community is always dealt with relatively laxly. Patching vulnerabilities often takes much longer than necessary – and even when they do, it doesn’t always seem to be done with the seriousness it deserves, and the vulnerabilities are then only partially patched. At least that is the core of criticism from Amit Yoran, head of the security company Tenable.

This has now turned public on LinkedIn to those responsible at Microsoft. He describes a problem with a critical vulnerability in the Azure platform that his employees reported to the group. Microsoft implemented a patch for this on Monday, which only partially solved the problem.

However, there was definitely enough time for an in-depth investigation and the development of a solution, explained Yoran. After all, the information about the vulnerability was sent to Redmond back in March and Microsoft now had 16 weeks. In the meantime, Microsoft has also set a date for a final correction: September 28th.

It lasts longer than expected

“To give you an idea of ​​how bad the problem is, our team got access to a bank’s authentication secrets very quickly,” Yoran said. The security researchers were so concerned about the severity of the problem that they contacted Microsoft immediately. However, some disillusionment followed after it took over 90 days for at least part to be fixed.

Tenable wants to keep details of the vulnerability under lock and key, as the security of various Microsoft cloud customers can be endangered via the vulnerability. “Once the details of this vulnerability are known, exploiting it is relatively trivial. For this reason, we are withholding all technical details,” it said in a statement.

This is not the only case either. The security company Sygnia also reported a problem in the Azure infrastructure that makes it possible to intercept credentials via man-in-the-middle attacks or to steal cryptographic hashes of passwords. And both cases have nothing to do with the recent break-ins in Microsoft’s cloud services.

Strong words

“What you hear from Microsoft is ‘trust us,’ but what you get back is very little transparency and a culture of toxic obfuscation,” Yoran said. “How can a chief of security, a board of directors, or an executive team believe that Microsoft will do the right thing given the facts and current behavior? Microsoft’s track record puts us all at risk. And it’s even worse than we thought.”

Share
Published by
Yasir Zeb
Tags: microsoft

Recent Posts

Samsung Galaxy Tab S12 Ultra Leak shows design of the high-end tablet

New render images provide a preview of the upcoming Samsung Galaxy Tab S12 Ultra. While…

7 hours ago

TSMC wants to remain No. 1 in chips: A14, A13, A12 nodes from 2028

Taiwan Semiconductor Manufacturing Company (TSMC) has once again provided an outlook on its plans for…

7 hours ago

Apple iPad Mini 8 with OLED screen probably coming in autumn

The iPad Mini could soon see notable innovations for the first time in years. According…

8 hours ago

Pixel 11 Pro Fold Leak: Expected function appears to be missing

A current leak shows Google's upcoming folding smartphone in a new color variant. In addition…

8 hours ago

Tesla to introduce a bike, but not in the way you might think

The car manufacturer Tesla has brought a new two-wheeler onto the market. However, this is…

8 hours ago

Crash in the smartphone market: lowest sales figures in 13 years

The global smartphone market is experiencing a severe downturn, recording its worst quarter in 13…

24 hours ago