Microsoft’s security record in this period is regrettable, since last month Microsoft’s Azure service was attacked, the company is facing more and more criticism.
Microsoft disclosed a major vulnerability in its Azure platform on July 12 last month, while admitting that a hacker group called Storm-0558 had attacked it. The attack reportedly affected 25 organizations, and a large number of corporate executives and government officials had their emails stolen.
According to CyberSecurityDive, U.S. Senator Ron Wyden sent a letter to the U.S. Department of Justice last week asking it to hold Microsoft accountable for “negligent cybersecurity practices,” and he also revealed that Tenable, a cybersecurity firm, found another serious cybersecurity vulnerability in Microsoft’s Azure service. He also revealed that Tenable, a cybersecurity firm, had discovered another serious cybersecurity vulnerability in Microsoft’s Azure service, which Microsoft delayed fixing for three months after discovering the vulnerability.
Cybersecurity firm Tenable reportedly discovered the vulnerability in March of this year, which allows hackers to break into companies using Microsoft’s Azure service, and Ron Wyden claimed that after Tenable notified Microsoft, it took Microsoft “more than 90 days to implement a partial fix,” and that only after the fix was implemented did the company Ron Wyden claims that after Tenable notified Microsoft, it took “more than 90 days to implement a partial fix” and that only after the fix was implemented would companies that had completely redeployed their Azure services be unaffected by the vulnerability, thus requiring them to incur an additional cost to keep their organizations secure.
▲Source Cybersecurity firm Tenable
Microsoft’s cybersecurity record is “worse than most people think,” according to Amit Yoran, CEO of cybersecurity firm Tenable, in an article published on LinkedIn.
Amit Yoran argues that Microsoft, a large company in the industry, has appeared to be “extremely irresponsible, if not blatantly negligent,” in its treatment of consumers and even business customers. He also pointed out that Google’s “Project Zero” (Project Zero) data shows that since 2014, the “zero-day vulnerability” list, of Microsoft products accounted for 42.5%.
Microsoft senior director Jeff Jones has responded to the incident, he said:
We appreciate working with the security community to responsibly disclose product issues. We follow an extensive process that includes a thorough investigation, development of updates for all affected product versions, and compatibility testing in other operating systems and applications. Ultimately, the development of security updates requires a delicate balance between timeliness and quality, while ensuring maximum protection and minimal disruption to our customers.