Funny how on the consumer side, they keep pushing TPMs and other intrusive technologies under the guise of security, and they can’t even keep their shit together on the business end long enough for people to actually believe them.

Edit: Typo

deleted by creator

“This incident demonstrates the evolving challenges of cybersecurity in the face of sophisticated attacks. We continue to work directly with government agencies on this issue, and maintain our commitment to continue sharing information at Microsoft Threat Intelligence blog."

Translation: Fixing bugs cost way to much more money than just leaving them in, so in order to save the profits, we just wait them out. If the shit hits the fan, we can still start looking into the issue and maybe get some PR coverage to distract the public.

But we still happily support government agencies to exploit the barndoor-sized holes in our software for whatever nefarious reasons they have because they pay us for that.

This is the best summary I could come up with:

Responding to Wyden’s letter last week, Microsoft brushed off the criticisms, saying: “This incident demonstrates the evolving challenges of cybersecurity in the face of sophisticated attacks.

Tenable is discussing the issue in only general terms to prevent malicious hackers from learning how to actively exploit it in the wild.

It is for this reason that we are withholding all technical details.” While Yoran’s post and Tenable’s disclosure avoid the word vulnerability, the email said the term is accurate.

The post came on the same day that security firm Sygnia disclosed a set of what it called “vectors” that could be leveraged following a successful breach of an Azure AD Connect account.

“The default configuration exposes clients to the described vectors only if privileged access was gained to the AD Connect server,” Ilia Rabinovich, director of adversarial tactics at Sygnia, wrote in an email.

I’m a bot and I’m open source!

Why businesses continue to trust Microsoft I’ll never quite understand. The number of breaches Microsoft has had overall the last 5 years is amazing. Compare that to what I believe is the ZERO breaches Google has had in the same time frame. Not that Google is to be trusted, but if anything of magnitude would have happened there it would have certainly leaked by now.

Cloud at this point is very hard to ignore. Internal IT team sizes shrinking, it’s becoming harder running all of those business needs internally. Businesses will learn the hard way when they continue to put their trust in the cloud, especially Microsoft’s. Some facets of IT are just too much work to bother with keep hosting internally. Exchange is a steaming pile of garbage. I managed it for years, so I can see why people cloud their email. Which I’m all for, because email is just a bitch to run in general. But use Gmail or something else. It’s a night and day difference. I’m dreading the day my company decides that Microsoft is the better deal just because Office needs updating. Instead of keeping the status quo, spend the money training employees on alternatives and run as far as you can from Microsoft’s hold.

Microsoft makes a lot of good products but keeping them secure is an after thought.