9 Things to Know About Microsoft’s Role in SolarWinds Hack
ProPublica
|
Contributed by: Drex DeFord
Summary
A ProPublica investigation revealed that Microsoft downplayed its role in a significant cyberattack by Russian hackers exploiting a flaw in its Active Directory Federation Services product. Despite repeated warnings from a Microsoft engineer, Andrew Harris, starting in 2016, Microsoft dismissed concerns about the security weakness, arguing that it did not cross a "security boundary." Harris suggested a temporary fix, but Microsoft prioritized business interests and government contracts over addressing the vulnerability. This flaw was ultimately exploited in the 2020 SolarWinds hack, impacting multiple U.S. federal agencies. Microsoft's leadership, including President Brad Smith, faced scrutiny for their inaction and public statements downplaying the issue.
