Amit Yoran, CEO of cybersecurity company Tenable, has made public an incident that he says illustrates that Microsoft's stance on cybersecurity is "worse than you think": the company neglects privacy concerns and unduly delays correcting its own errors.
Microsoft’s latest major cybersecurity incident occurred on July 12, when Chinese hacker group Storm-0558 broke into the Azure cloud platform – the attack affected about 25 organizations and resulted in the theft of confidential correspondence from US government officials. According to the expert, Microsoft demonstrates a systematic disregard for data protection: Tenable managed to find another vulnerability in the Azure infrastructure and the software giant took too long to fix it.
The flaw was discovered in March – it gave potential attackers access to sensitive data, including the resources of one of the banks. Tenable notified Microsoft of the vulnerability, but the company took "more than 90 days to provide a partial fix", which, however, only applies to "new applications loaded by the service". Threatened organizations, including the same bank, "who started the service before the fix was released" are still at risk and are probably unaware of it.
Microsoft plans to finally resolve the issue by the end of September, which the expert calls "extreme irresponsibility, if not blatant disregard". Additionally, according to Google Project Zero, 42.5% of all zero-day vulnerabilities discovered since 2014 were in Microsoft products. Recently, Wiz reported that the Azure hack could potentially have more serious consequences than originally thought, but Microsoft rejected their findings.
Meanwhile, Microsoft CEO Jeff Jones responded to Yoran's criticism. "We value collaboration with the [cyber]security community for responsible disclosure of product issues. We follow a comprehensive process that includes thorough investigation, development of updates for all versions of affected products, and compatibility testing with other operating systems and applications. Ultimately, developing a security update is a delicate balance between timeliness and quality, with maximum customer protection and minimal disruption," The Verge quotes the top manager as saying.