Microsoft's Neglect of Security Flaw in AD FS Raises Concerns

Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says 🔗

Former employee says software giant dismissed his warnings about a critical flaw because it feared losing government business. Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others.

The text describes how Microsoft ignored a critical security flaw in its Active Directory Federation Services (AD FS) product, despite a whistleblower's repeated warnings. The flaw allowed attackers to masquerade as legitimate users and access sensitive data in the cloud. Microsoft prioritized profit and market dominance over addressing the vulnerability, fearing it would jeopardize business deals and customer convenience. This decision left the U.S. government and other customers vulnerable to cyberattacks, including the SolarWinds breach carried out by Russian hackers. The company's inadequate security culture and profit-driven decisions have raised concerns about its commitment to customer safety.

Microsoft ignored a critical security flaw in its AD FS product despite repeated warnings from a whistleblower.
The flaw allowed attackers to access sensitive data in the cloud by masquerading as legitimate users.
Microsoft prioritized profit and market dominance over addressing the vulnerability, leaving the U.S. government and other customers vulnerable to cyberattacks.
The company's profit-driven decisions and inadequate security culture have raised concerns about its commitment to customer safety.