Subj : US Senator says Microsoft
To : All
From : Mike Powell
Date : Fri Sep 12 2025 01:33 pm
US Senator says Microsoft should be probed for 'gross cybersecurity
negligence' after hospital ransomware attacks
Date:
Fri, 12 Sep 2025 15:00:00 +0000
Description:
Senator Wyden calls for Microsoft to be held responsible.
FULL STORY
US Senator Ron Wyden has written a letter to the FTC Chairman urging the
agency to open an investigation into Microsoft over the company's negligent
cybersecurity in relation to ransomware attacks against US critical
infrastructure:
"I urge the FTC to investigate Microsoft and hold the company responsible for
the serious harm it has caused by delivering dangerous, insecure software to
the U.S. government and to critical infrastructure entities, such as those in
the U.S. health care sector," Wyden wrote in a letter to FTC Chairman Andrew
Ferguson.
Earlier this year, millions were left at risk after Ascension Healthcare
revealed a data breach, most likely at the hands of Cl0p ransomware.
Kerberoasting attacks
Senator Wyden's office has reportedly obtained new information - "the hack
began when a contractor clicked on a malicious link after conducting a web
search on Microsoft's Bing search engine."
Following this, the contractor's laptop was infected with malware, and the
letter claims that "dangerously insecure default settings on Microsoft
software allowed the hackers to ultimately gain highly privileged access to
the most sensitive parts of Ascension's network."
Without timely action, Microsoft's culture of negligent cybersecurity,
combined with its de facto monopolization of the enterprise operating system
market, poses a serious national security threat and makes additional hacks
inevitable.
The attacks reportedly used something called Kerberoasting - a technique
which exploits RC4, an insecure encryption technology from all the way back
in the 1980s. RC4 is still supported by Microsoft software, and Wyden argues
Microsoft should warn customers about such dangers.
Microsoft has, as yet, not released a patch or update for the vulnerability,
nor has the firm reached out to warn customers.
"RC4 is an old standard, and we discourage its use both in how we engineer our
software and in our documentation to customers which is why it makes up less
than .1% of our traffic," a Microsoft spokesperson told TechRadar Pro.
"However, disabling its use completely would break many customer systems. For
this reason, we're on a path to gradually reduce the extent to which customers
can use it, while providing strong warnings against it and advice for using
it in the safest ways possible. We have it on our roadmap to ultimately
disable its use. We've engaged with The Senator's office on this issue and will
continue to listen and answer questions from them or others in government."
======================================================================
Link to news story:
https://www.techradar.com/pro/security/us-senator-says-microsoft-should-be-probed-for-gross-cybersecurity-negligence-after-hospital-ransomware-attacks
$$
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)