Tenable is criticizing Microsoft for being negligent about security, and Tenable’s CEO, Amit Yoran, says the company should do better at handling security vulnerabilities.
Microsoft’s lack of transparency applies to breaches, irresponsible security practices and to vulnerabilities, all of which expose their customers to risks they are deliberately kept in the dark about.
In a blog post, Yoran says Microsoft took over 90 days to implement a partial fix to a serious issue that would enable an unauthenticated attacker to access authentication information, such as credentials to a bank account. The Tenable CEO says that even after the issue was brought to Microsoft, the Redmond-based tech giant managed only a partial fix that does not fully resolve it.
That means that as of today, the bank I referenced above is still vulnerable, more than 120 days since we reported the issue, as are all of the other organizations that had launched the service prior to the fix. And, to the best of our knowledge, they still have no idea they are at risk and therefore can’t make an informed decision about compensating controls and other risk mitigating actions.
Later in the post, Yoran says that Microsoft offers very little transparency and has a culture of toxic obfuscation, and that the company is putting everyone at risk by failing to address the vulnerabilities in its products.
Microsoft has recently been attacked by various threat actors, and one such actor, Midnight Blizzard, has managed to use compromised Microsoft 365 accounts to hack almost 40 organizations around the world. However, the Redmond-based tech giant is currently addressing the issue.