Microsoft Outlook Users: Maybe Proton Mail?

March 8, 2021

I spotted another write up about the security issues with the Azure, Defender, and Office365 services. Wow, nation states and groups of allegedly China-aligned hackers are making Microsoft look worse than Jackie Smith when he dropped a game winner for the Dallas Cowboys years ago. It seems as if bad actors are trying to out do one another in exposing the vulnerabilities of the Redmond construct. Wowza.

I read “White House Warns of Active Threat Following Microsoft Outlook Breach.” The write up states:

“We can’t stress enough that patching and mitigation is not remediation if the servers have already been compromised, and it is essential that any organization with a vulnerable server take measures to determine if they were already targeted,” the White House official said.

Several observations:

  1. If I were involved in the JEDI procurement, I would not be too enthusiastic about Microsoft technology being the plumbing for the Department of Defense. Hey, I know PowerPoint is the go to tool in many DoD units, but it appears that there may be some bad actors able to get their digital paws on the PPTX attachments to Outlook email.
  2. Microsoft is fighting an after action situation. The bad actors are forcing Microsoft to rush code fixes to large, already compromised organizations. If the bad actors are indeed “inside” certain entities, the bad actors are likely to have access to these speedy fixes and be able to exploit them. Why not substitute a “real” MSFT fix with a certified malware infused fix. Sounds like something bad actors might consider.
  3. In my lecture to a group of US government cyber security professionals in 48 hours, I use the analogy of radiation poisoning for the SolarWinds’ and Microsoft Exchange breaches. Once the polonium is in the target, the fix is neither quick, simple, or ultimately likely to work.

Net net: Other bad actors will learn from these breaches and launch their own initiatives. That’s not good because there are quite a few bad actors eagers to make a mockery of US technology. I think one might characterize the Microsoft “repair after the barn burns down” as bad optics.

It’s bad something, for sure. Remember. It is the White House sounding the alarm, not an alphabet soup agency.

Stephen E Arnold, March 9, 2021

Comments

Comments are closed.

  • Archives

  • Recent Posts

  • Meta