Home News Poor Quality, Too Slow, Too Intransparent: Criticism of Microsoft’s Update Behavior

Poor Quality, Too Slow, Too Intransparent: Criticism of Microsoft’s Update Behavior

0
Poor Quality, Too Slow, Too Intransparent: Criticism of Microsoft’s Update Behavior

In a post on Linkedin, the CEO of IT security services provider Tenable, Amit Yoran, complains about Microsoft’s handling of security breaches. The company exposes customers to unnecessary risks: The lack of transparency in cybersecurity spells danger for all of us. A picture is emerging of failed updates, incorrect assessment of the severity of security holes, and sometimes even miscommunication about (closed) vulnerabilities.

Yoran explains the problem in a specific case. IT security researchers at Tenable discovered security holes in Microsoft’s Azure Synapse, a big data analytics service, in March. Including one you classify as critical. Microsoft quietly fixed one of the gaps after an evaluation and downplayed the potential risk.

Only after Tenable informed Microsoft that they were publishing details about the vulnerability did something change: Microsoft privately confirmed the severity of the vulnerability 89 days after notification. However, Microsoft customers have not yet received any information about it.

The problem here is that this lack of transparency on the part of an IT infrastructure or cloud service provider increases risk exponentially, Yoran continues. Without timely and detailed information, customers would have no idea if they are or are still vulnerable to attack. Or if they have already been victims of an attack on a sealed security hole. If customers didn’t receive a vulnerability notification, they wouldn’t have the opportunity to search for evidence that they may or may not have been compromised, a highly irresponsible policy, Yoran adds.

Not only Tenable, but also other IT security companies like Wiz, Positive Security, and Fortinet described similar examples. OrcaSecurity can also bring that expertise. The company’s IT researchers also have a Vulnerability in Azure Synapse discovered how attackers could easily access data if they knew the name of a workspace, among other things. This would allow greater access and control of the workspace. They could also have run their own code on client machines in the Azure Synapse analytics service.

The timeline of the vulnerability reporting and removal fits the picture perfectly. In short, OrcaSecurity writes: Over 100 days to final bug fix. Three patches, the first two could be overcome. The certificate for the internal control server was only withdrawn and invalidated after 96 days. On the bright side, however, it should be noted here that both Microsoft and OrcaSecurity have posted background and details about the vulnerabilities on their blogs after the 100 days. However, there is no indication that Azure customers are receiving active notifications.


(DMK)

to the home page

LEAVE A REPLY

Please enter your comment!
Please enter your name here

xvideo clip fuckmomtube.net reshma nude scenes
x videos aunty indianpornfeed.com indian bra xnxx
زب شاب pornwap.tv افلام مصريه سكس
soul eater hentai maka xhentaisex.com hahaoya shikkaku
tall hot girls pornovuku.com hdmovie99
xnxxx hd video interracialporntrends.com tabooporns.com
افلام سكس شميل 3gpkings.pro معاشرة زوجية حقيقية
xvideos indian mallu hindisextube.org dehati bf film
erotic indian girls monaporn.mobi masalaxx
abot kamay na pangarap may 26 2023 full episode youtube pinoyteleseryeonline.com niyogyugan festival date
خيانة زوجية سكس arabwifeporn.com افلام جنس لبنانى
kannada sex poto porn-tube-home.net blue film movie
www.filmitube.com hindifucking.com spy cam porn
joem bascon teleseryeone.com kabuhayang swak na swak
chandigarh shemales popcornporn.net palletoori sex