Microsoft CEO Brad Smith admits mistakes made regarding security – Computer – News

Microsoft President Brad Smith admitted that Microsoft had made mistakes regarding the security of its products. This came during a hearing of the US Homeland Security Committee.

Brad Smith by committee He called for an account Due to a cyber attack in 2023, he writes IT daily. Last year, Chinese hackers were able to break into email accounts of various companies, Western European governments, and the US government via Microsoft Exchange Online. In April, the United States said in a report that Microsoft could have prevented this attack. Smith must now answer this on behalf of Microsoft.

in Written certificate Before the hearing, Smith said Microsoft accepts responsibility for the problems identified by the United States “without any doubt or hesitation.” He also writes that Microsoft is working to adopt all of the report’s recommendations and work on eighteen other security goals. During the hearing, Smith again admitted the company’s failure in this incident.

Criticism of the SolarWinds attack

Earlier this week, more criticism of Microsoft’s actions in security emerged. ProPublica On Thursday it published testimony from former Microsoft employee Andrew Harris, who worked on the company’s security team until 2020. Harris argues that Microsoft played a questionable role in the 2020 SolarWinds attack.

The former employee said he discovered a potentially serious vulnerability in Azure AD FS in 2016, which allows logging into the Azure cloud. According to Harris, attackers can exploit the vulnerability to break into customers’ cloud environments through an on-premises server. However, Microsoft was afraid at the time that admitting the vulnerability would damage the reputation of its then-relatively new cloud division, so it covered it up, Harris says. For years, the former employee tried to get Microsoft to fix the flaw, but nothing was done.

In August 2020, Harris moved to CrowdStrike, just months before the SolarWinds attack. This attack exploited a flaw that Harris had already discovered in 2016, according to ProPublica. Smith had already had to respond to the SolarWinds attack in 2021, but he said at the time that no vulnerability in Microsoft products or services had been exploited in this attack.