Microsoft Under Fire: FTC Investigation Demanded Over Security Failures
A U.S. senator’s formal request for an FTC investigation into Microsoft’s cybersecurity practices, citing “gross cybersecurity negligence.” This negligence is linked to ransomware attacks on critical infrastructure, specifically mentioning the Ascension Health breach where 5.6 million patient records were compromised due to the exploitation of weak RC4 encryption in Microsoft’s Kerberos authentication system. The documents highlight Microsoft’s continued use of the outdated RC4 algorithm despite its known vulnerabilities, with the company defending its presence for backward compatibility while stating its intent to gradually phase it out. Finally, the sources also feature a cybersecurity firm, Technijian, offering services to mitigate such vulnerabilities and strengthen organizational security, emphasizing proactive measures and expert guidance to protect against advanced threats like Kerberoasting.
