
"Without timely action, Microsoft's culture of negligent cybersecurity, combined with its de facto monopolization of the enterprise operating system market, poses a serious national security threat and makes additional hacks inevitable."
"The letter underscores a long-standing tension in enterprise cybersecurity, the balance between legacy system support and secure-by-default design. What happened at Ascension isn't just about one bad click or an old cipher. It's about systemic risk inherited from default configurations and the architectural complexity of widely adopted software ecosystems like Microsoft's. When a single vendor becomes foundational to national infrastructure, their security design decisions, or lack thereof, can have cascading consequences."
"From a technical standpoint, allowing deprecated encryption like RC4 to remain enabled by default, even at 0.1% usage, introduces avoidable exposure. The challenge is that many organizations still rely on legacy applications that can break when more secure defaults are enforced. Vendors are often reluctant to force those changes out of fear of business disruption, but in security, inertia can be dangerous."
Senator Ron Wyden called for an investigation of Microsoft, alleging that the company's software enabled the Ascension ransomware incident and that it has delivered dangerous, insecure software to the U.S. government and critical infrastructure. Wyden warned that Microsoft's negligent cybersecurity, combined with its de facto monopolization of the enterprise operating system market, poses a serious national security threat and makes additional hacks inevitable. CISO Ensar Seker pointed to the tension between legacy system support and secure-by-default design, highlighting systemic risk inherited from default configurations and the architectural complexity of Microsoft's ecosystem. Leaving deprecated encryption such as RC4 enabled by default, even at 0.1% usage, introduces avoidable exposure that vendors tolerate out of fear of breaking legacy applications. The incident underscores the need for zero-trust segmentation, endpoint detection, stronger lateral-movement defenses, and clearer privilege boundaries.
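The RC4 default discussed in the quoted remarks and the summary above is, in practice, the Kerberos RC4-HMAC encryption type in Active Directory; that reading is an assumption here, since the article names only "RC4". The following added example (not code from the article, from Microsoft, or from the people quoted) shows the check a practitioner would run to find accounts still exposed to RC4 and the hardened setting beside the weak default. It assumes the ActiveDirectory RSAT module is installed and that it is run with domain-admin rights against a test domain first. The function names and the hypothetical account name in the usage line are the example's own.

```powershell
# Added example, not from the article. Assumes "RC4" means the Kerberos RC4-HMAC etype
# and that the ActiveDirectory module (RSAT) is available.
Import-Module ActiveDirectory

# Bit flags of msDS-SupportedEncryptionTypes, as documented by Microsoft.
$ETYPE = @{ DES_CRC = 0x1; DES_MD5 = 0x2; RC4 = 0x4; AES128 = 0x8; AES256 = 0x10 }

function Get-RC4ExposedAccounts {
    # Accounts that carry an SPN are the ones whose service tickets any domain user can
    # request and crack offline (Kerberoasting). An RC4 ticket is keyed by the NT hash and
    # cracks orders of magnitude faster than an AES ticket, so RC4 on these is the exposure.
    $accounts = Get-ADObject -LDAPFilter '(&(servicePrincipalName=*)(|(objectClass=user)(objectClass=computer)))' `
        -Properties 'msDS-SupportedEncryptionTypes', objectClass

    foreach ($a in $accounts) {
        $types = $a.'msDS-SupportedEncryptionTypes'
        $rc4 = if ($null -eq $types -or $types -eq 0) {
            # Attribute unset: the account inherits the domain default. The article's point is
            # that this default still includes RC4, so treat it as exposed until verified.
            'InheritsDefault'
        } elseif ($types -band $ETYPE.RC4) {
            'Yes'
        } else {
            'No'
        }
        [pscustomobject]@{
            Name        = $a.Name
            ObjectClass = $a.objectClass
            Etypes      = $types
            RC4Allowed  = $rc4
        }
    }
}

function Set-AesOnly {
    # Restrict one account to AES. The account must have AES keys, which exist only if its
    # password was set after the domain supported AES; reset the password once if in doubt.
    param([Parameter(Mandatory)][string]$Identity)
    $obj = Get-ADObject -Identity $Identity -Properties objectClass
    if ($obj.objectClass -eq 'computer') {
        Set-ADComputer -Identity $Identity -KerberosEncryptionType AES128,AES256
    } else {
        Set-ADUser -Identity $Identity -KerberosEncryptionType AES128,AES256
    }
}

# Host-level policy "Network security: Configure encryption types allowed for Kerberos".
# Weak (default-style) value: RC4 + AES128 + AES256 = 0x1C, RC4 still negotiable.
# Hardened value: AES128 + AES256 = 0x18. Deploy via GPO in production; the registry write
# below is the local equivalent for a single host.
$weak     = $ETYPE.RC4 -bor $ETYPE.AES128 -bor $ETYPE.AES256   # 0x1C
$hardened = $ETYPE.AES128 -bor $ETYPE.AES256                   # 0x18
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name SupportedEncryptionTypes -Value $hardened -Type DWord

# Usage: list exposed accounts, then tighten them one at a time after confirming the service
# behind each SPN can authenticate with AES. 'svc-legacy' is a hypothetical account name.
Get-RC4ExposedAccounts | Where-Object RC4Allowed -ne 'No' | Format-Table -AutoSize
# Set-AesOnly -Identity 'svc-legacy'
```

The audit deliberately reports accounts with the attribute unset as a separate category rather than as safe: that is exactly the population the quoted remarks describe, accounts nobody configured that inherit whatever the vendor default permits. Tightening should be done per service, with a password reset where the account predates AES support, because an account restricted to AES without AES keys stops authenticating, which is the business disruption the article says vendors fear.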
Read at Securitymagazine