Microsoft Security and the Azure Cloud: Good Enough?

January 27, 2023

I don’t know anything about the cyber security firm called Silverfort. The company’s Web site makes it clear that the company’s management likes moving icons and Microsoft. Nevertheless, “Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts” points out some alleged vulnerabilities in what Microsoft has positioned as its present and future money machine. The article says:

Silverfort disclosed the issues to Microsoft, and while the company is aware of the weaknesses, it does not plan to fix them, because they are not “traditional” vulnerabilities, Segal says. Microsoft also confirmed that the company does not consider them vulnerabilities. “This technique is not a vulnerability, and to be used successfully a potential attacker would need elevated or administrative rights that grant access to the storage account data,” a Microsoft spokesperson tells Dark Reading [the online service publishing the report].

So a nothingburger (wow, I detest that trendy jargon). I would view Microsoft’s product with a somewhat skeptical eye. Bad actors show some fondness for Microsoft’s approach to engineering.

Shift gears, the article “Microsoft Is Beating Google at Its Own Game.” I thought, “Advertising.” The write up has a different angle:

Following the news of Microsoft’s $10 billion investment, Wedbush analyst Daniel Ives wrote that ChatGPT is a “potential game changer” for Microsoft, and that the company was “not going to repeat the same mistakes” of missing out on social and mobile that it made two decades ago. Microsoft “is clearly being aggressive on this front and not going to be left behind,” Ives wrote.

Yep, smart software. I think the idea is that using OpenAI as a springboard, Microsoft will leapfrog into high clover. The announcement of Microsoft’s investment in OpenAI provides compute resources. If the bet pays off, Microsoft will get real money.

However, what happens when Microsoft’s “good enough” engineering meets OpenAI.

You may disagree, but I think the security vulnerabilities will continue to exist. Furthermore, it is impossible to know what issues will arise when smart software begins to think for Microsoft systems and users.

Security is a cat-and-mouse game. How quickly will bad actors integrate smart software into malware? How easy will it be for smart software to trawl through technical documents looking for interesting information?

The integration of OpenAI into Microsoft systems, services, and software may require more than “good enough” engineering. Now tell me again why I cannot print after updating Windows 11? Exactly what is Google’s game? Excitement about what people believe is the next big thing is one thing. Ignoring some here-and-now issues may be another.

Stephen E Arnold, January 27, 2023


Comments are closed.

  • Archives

  • Recent Posts

  • Meta