Shulou(Shulou.com)11/24 Report--

CTOnews.com, August 4 (Xinhua) Microsoft's security record during this period is regrettable, and the company is facing increasing criticism since the attack on Microsoft's Azure service last month.

Microsoft disclosed a major loophole in its Azure platform on July 12 last month, while admitting that a hacker group called Storm-0558 had attacked it. It is reported that the attack affected 25 organizations, and a large number of emails of business executives and government officials were stolen.

According to foreign media CyberSecurityDive, US Senator Ron Wyden sent a letter to the US Department of Justice last week, asking the US Justice Department to hold Microsoft accountable for "negligent cyber security actions." he also revealed that cyber security company Tenable also found another serious cyber security loophole in Microsoft's Azure service, but Microsoft delayed to fix it for three months after discovering this loophole.

It is reported that Tenable, a network security company, discovered the vulnerability in March this year, through which hackers can invade companies that use Microsoft's Azure services. Ron Wyden claimed that it took Microsoft "more than 90 days to implement a partial fix" after Tenable notified Microsoft, and that only companies that fully redeployed Azure services after the repair would not be affected by the vulnerability, so these companies would have to pay an extra cost to ensure enterprise security.

In an article on LinkedIn, Amit Yoran, chief executive of ▲ Touyuan network security company Tenable network security company Tenable, said Microsoft's network security record was "worse than most people think."

Amit Yoran believes that Microsoft, as a large company in the industry, appears to be "extremely irresponsible, even blatantly negligent" in dealing with consumers and even corporate customers. He also pointed out that Microsoft products accounted for 42.5 per cent of the list of zero-day vulnerabilities since 2014, according to Google's zero-day vulnerability project (Project Zero).

CTOnews.com found that Jeff Jones, a senior Microsoft executive, had responded to the above events, saying:

We appreciate our cooperation with the safe community to disclose product issues in a responsible manner. We follow a broad process that includes thorough investigation, development of updates for all affected product versions, and compatibility testing in other operating systems and applications. In the final analysis, the development of security updates needs to strike a delicate balance between timeliness and quality, while ensuring maximum customer protection and minimizing disruption to customers.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.