In a blog post, Amit Yoran, the CEO of the cybersecurity company Tenable, said Microsoft’s cybersecurity track record is “even worse than you think”.
Tenable Research discovered a critical flaw in Microsoft’s Azure platform in March, allowing unauthorised access to steal sensitive data.
Microsoft was also made aware of the vulnerability, but it took them more than 90 days to release a patch.
The cybersecurity firm claimed that this security flaw has exposed several customers, including a bank, to cyberattacks.
Cloud providers use a shared responsibility model, which is harmed when vendors fail to notify customers about issues as they arise and apply fixes as soon as possible.
“Last week, Senator Ron Wyden sent a letter to the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Justice and the Federal Trade Commission (FTC) asking that they hold Microsoft accountable for a repeated pattern of negligent cybersecurity practices, which has enabled Chinese espionage against the US government,” Yoran said.
The CEO further said that Microsoft plans to fix the problem by the end of September, but the delay is “grossly irresponsible, if not blatantly negligent”.
He also pointed out data from Google’s Project Zero, which showed that Microsoft products have accounted for 42.5 per cent of all discovered zero-day vulnerabilities since 2014.
Responding to Yoran’s criticism, Microsoft told The Verge: “We appreciate the collaboration with the security community to responsibly disclose product issues. We follow an extensive process involving a thorough investigation, update development for all versions of affected products, and compatibility testing among other operating systems and applications.
“Ultimately, developing a security update is a delicate balance between timeliness and quality, while ensuring maximised customer protection with minimised customer disruption.”
Meanwhile, Microsoft took the top spot in the second quarter (Q2) of 2023 as the most impersonated brand for phishing scams, according to the report by Check Point Research.
It climbed up the rankings last quarter, moving from third place in Q1 2023 to the top spot in Q2.
The tech giant accounted for 29 per cent of all brand phishing attempts.
–IANS
shs/ksk