{"id":14776,"date":"2025-09-11T13:06:02","date_gmt":"2025-09-11T13:06:02","guid":{"rendered":"https:\/\/newestek.com\/?p=14776"},"modified":"2025-09-11T13:06:02","modified_gmt":"2025-09-11T13:06:02","slug":"microsoft-under-fire-senator-demands-ftc-investigation-into-arsonist-selling-firefighting-services","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14776","title":{"rendered":"Microsoft under fire: Senator demands FTC investigation into \u2018arsonist selling firefighting services\u2019"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

US Senator Ron Wyden has formally requested that the Federal Trade Commission investigate Microsoft for what he characterized as \u201cgross cybersecurity negligence\u201d that had enabled widespread ransomware attacks against critical infrastructure, including healthcare organizations.<\/p>\n

In a four-page letter to FTC Chair Andrew Ferguson, the Oregon Democrat documented how Microsoft\u2019s software engineering decisions had enabled ransomware attacks.<\/p>\n

\u201cMicrosoft has become like an arsonist selling firefighting services to their victims,\u201d Wyden wrote in the letter<\/a>, arguing that the company had built a profitable cybersecurity business while simultaneously leaving its core products vulnerable to attack.<\/p>\n

The letter presented a detailed case study of the February 2024 ransomware attack against Ascension Health<\/a> that compromised 5.6 million patient records, demonstrating how Microsoft\u2019s default security configurations enabled hackers to move from a single infected laptop to an organization-wide breach.<\/p>\n

When one click brought down a hospital system<\/h2>\n

The Ascension attack<\/a> began when a contractor using an Ascension laptop clicked on a malicious link from a Microsoft Bing search result. The malware spread laterally through Ascension\u2019s network, eventually compromising administrative accounts on the organization\u2019s Microsoft Active Directory server.<\/p>\n

The hackers exploited a technique called Kerberoasting, which leveraged Microsoft\u2019s continued default support for RC4 encryption \u2014 a technology from the 1980s that federal agencies had warned against for more than a decade.<\/p>\n

\u201cThat\u2019s exactly what played out in the Ascension case, where one weak default snowballed into a ransomware disaster,\u201d said Sanchit Vir Gogia, chief analyst and CEO at Greyhound Research.<\/p>\n

\u201cBecause of dangerous software engineering decisions by Microsoft, which the company has largely hidden from its corporate and government customers, a single individual at a hospital or other organization clicking on the wrong link can quickly result in an organization-wide ransomware infection,\u201d Wyden wrote in the letter.<\/p>\n

The technical reality behind the failures<\/h2>\n

Security experts have long criticized Microsoft\u2019s reliance on outdated encryption standards. \u201cRC4 should have been retired long ago, yet it still lurks in Active Directory and continues to enable attacks like Kerberoasting,\u201d Gogia noted.<\/p>\n

Microsoft\u2019s justification centered on backward compatibility concerns. \u201cMicrosoft\u2019s line has been that switching it off overnight could break older systems,\u201d Gogia explained. \u201cThat may be true, but after more than a decade of warnings, the argument has become increasingly difficult to sustain.\u201d<\/p>\n

Wyden detailed how \u201cMicrosoft\u2019s continued support for the ancient, insecure RC4 encryption technology needlessly exposes its customers to ransomware and other cyber threats by enabling hackers that have gained access to any computer on a corporate network to crack the passwords of privileged accounts used by administrators.\u201d<\/p>\n

The $20 billion security business<\/h2>\n

Microsoft\u2019s security division now generates more than $20 billion annually, much of it from features that addressed gaps in the company\u2019s core products. \u201cFeatures such as advanced logging, which many assumed were part of the core product, sat behind premium licenses until the Exchange Online hack forced Microsoft to expand access,\u201d Gogia observed.<\/p>\n

Wyden argued that \u201cinstead of delivering secure software to its customers, Microsoft has built a multibillion-dollar secondary business selling cybersecurity add-on services to those organizations that can afford it.\u201d<\/p>\n

This created what enterprise customers described as a double-billing problem. \u201cThat\u2019s why CIOs describe the feeling as being billed twice \u2014 once for the platform, and again for the peace of mind,\u201d Gogia said.<\/p>\n

Wyden captured this dynamic with his pointed criticism: \u201cAt this point, Microsoft has become like an arsonist selling firefighting services to their victims.\u201d<\/p>\n

Broken promises and regulatory pressure<\/h2>\n

When Wyden\u2019s staff briefed senior Microsoft officials about the Kerberoasting threat in July 2024, the letter added, they \u201cspecifically requested that Microsoft publish and publicize clear guidance in plain English so that senior executives would understand this serious, avoidable cyber risk.\u201d<\/p>\n

Microsoft\u2019s response fell short, publishing guidance as \u201ca highly technical blog post on an obscure area of the company\u2019s website on a Friday afternoon.\u201d The company also promised to release a software update disabling RC4 encryption, but eleven months later, \u201cMicrosoft has yet to release that promised security update,\u201d Wyden noted.<\/p>\n

The regulatory implications remained uncertain. \u201cA full-blown FTC case against Microsoft on the basis of weak defaults still feels unlikely,\u201d Gogia said. However, he noted that \u201cthe Cyber Safety Review Board\u2019s report from last year complicates the picture. It concluded Microsoft\u2019s security culture was inadequate and accused the company of avoidable mistakes in a government email breach.\u201d<\/p>\n

What CISOs are doing now<\/h2>\n

Enterprise security leaders weren\u2019t waiting for Microsoft or regulators to act. \u201cCISOs are already acting as though Wyden\u2019s points are proven,\u201d Gogia said. \u201cThey\u2019re disabling RC4 manually, mandating longer passwords for service accounts, and pushing multi-factor authentication across the board.\u201d<\/p>\n

Organizations were increasingly using procurement contracts as leverage. \u201cContracts are starting to include clauses demanding configuration reports and baseline protections,\u201d Gogia noted. \u201cIn some cases, workloads are being threatened with migration unless these terms are met.\u201d<\/p>\n

Industry-wide implications<\/h2>\n

The implications of Wyden\u2019s investigation could reshape how the entire software industry approaches security. \u201cIf Wyden\u2019s concerns gain ground, the implications stretch beyond Microsoft,\u201d Gogia said. \u201cTreating insecure defaults as negligence would change how software is built and sold.\u201d<\/p>\n

Wyden concluded with a stark warning: \u201cMicrosoft has utterly failed to stop or even slow down the scourge of ransomware enabled by its dangerous software,\u201d and warned that \u201cMicrosoft\u2019s culture of negligent cybersecurity, combined with its de facto monopolization of the enterprise operating system market, poses a serious national security threat and makes additional hacks inevitable.\u201d<\/p>\n

As Gogia summarized: \u201cThe Ascension breach has become a rallying point: one overlooked setting can take down an entire industry, so defaults are no longer trusted.\u201d<\/p>\n

Microsoft did not immediately respond to a request for comment.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

US Senator Ron Wyden has formally requested that the Federal Trade Commission investigate Microsoft for what he characterized as \u201cgross cybersecurity negligence\u201d that had enabled widespread ransomware attacks against critical infrastructure, including healthcare organizations. In a four-page letter to FTC Chair Andrew Ferguson, the Oregon Democrat documented how Microsoft\u2019s software engineering decisions had enabled ransomware attacks. \u201cMicrosoft has become like an arsonist selling firefighting services… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14776","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14776","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14776"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14776\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14776"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14776"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14776"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}