+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Microsoft faces backlash over irresponsible security practices

Aug 4, 2023, 14:13 IST
IANS
New Delhi, August 4 (IANS) Microsoft is facing mounting criticism for their lack of transparency and irresponsible security practices.
New Delhi, Microsoft is facing mounting criticism for their lack of transparency and irresponsible security practices.
Advertisement

In a blog post, Amit Yoran, the CEO of the cybersecurity company Tenable, said Microsoft's cybersecurity track record is "even worse than you think".

Tenable Research discovered a critical flaw in Microsoft's Azure platform in March, allowing unauthorised access to steal sensitive data.

Microsoft was also made aware of the vulnerability, but it took them more than 90 days to release a patch.

The cybersecurity firm claimed that this security flaw has exposed several customers, including a bank, to cyberattacks.

Advertisement

Cloud providers use a shared responsibility model, which is harmed when vendors fail to notify customers about issues as they arise and apply fixes as soon as possible.

"Last week, Senator Ron Wyden sent a letter to the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Justice and the Federal Trade Commission (FTC) asking that they hold Microsoft accountable for a repeated pattern of negligent cybersecurity practices, which has enabled Chinese espionage against the US government," Yoran said.

The CEO further said that Microsoft plans to fix the problem by the end of September, but the delay is "grossly irresponsible, if not blatantly negligent".

He also pointed out data from Google's Project Zero, which showed that Microsoft products have accounted for 42.5 per cent of all discovered zero-day vulnerabilities since 2014.

Responding to Yoran's criticism, Microsoft told The Verge: "We appreciate the collaboration with the security community to responsibly disclose product issues. We follow an extensive process involving a thorough investigation, update development for all versions of affected products, and compatibility testing among other operating systems and applications.

Advertisement
"Ultimately, developing a security update is a delicate balance between timeliness and quality, while ensuring maximised customer protection with minimised customer disruption."

Meanwhile, Microsoft took the top spot in the second quarter (Q2) of 2023 as the most impersonated brand for phishing scams, according to the report by Check Point Research.

It climbed up the rankings last quarter, moving from third place in Q1 2023 to the top spot in Q2.

The tech giant accounted for 29 per cent of all brand phishing attempts.

--IANS

Advertisement
shs/ksk
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article