Microsoft: Back in the Security Spotlight

March 3, 2021

What giant software company with a great marketing operation is back in the spotlight? The answer may be Microsoft. I read “real” news from an outfit which is into trust “Chinese Hackers Plundered Inboxes Using Flaws in Microsoft’s Exchange Server Software.”

The write seems to be taking a slightly less enthusiastic approach to the outstanding software and services provided by the Redmond giant. The company is, as you may know, the outfit which is going to run much of the Department of Defense cloud system. That’s because the cloud is much better than on premises computing devices. The cloud is magical, which I think is a synonym for easier, but that’s just me.

I noted this statement in the trustiness article:

Microsoft’s suite of products has been under scrutiny since the hack of SolarWinds, the Texas-based software firm that served as a springboard for several intrusions across government and the private sector. In other cases, hackers took advantage of the way customers had set up their Microsoft services to compromise their targets or dive further into affected networks. Hackers who went after SolarWinds also breached Microsoft itself, accessing and downloading source code — including elements of Exchange, the company’s email and calendaring product.

The paragraph suggests that because Microsoft’s methods worked for the SolarWinds’ misstep, other bad actors are jumping into the hay stack of wild and crazy methods.

My view is that we are likely to see the feedback loop scale to some painful frequencies. Should anyone worry? Nope, those trusted permissions, the fluid code, and the big fat targets like Azure, Exchange, and Office 365 are no big deal. Right, Microsoft. It takes 1,000 engineers to fool the Softies.

Stephen E Arnold, March 3, 2021

Comments

Got something to say?





  • Archives

  • Recent Posts

  • Meta