A US senator has accused Microsoft of “gross cybersecurity negligence,” claiming the company has contributed to attacks on healthcare providers, including a ransomware incident last year.
On Wednesday, Sen. Ron Wyden (D-Ore.) sent a letter to the Federal Trade Commission, calling on it to investigate Microsoft's role in the breach of Ascension, in which hackers stole data on 5.6 million users. The attack was already known to have begun with an employee downloading a malicious file that was thought to be legitimate. However, Wyden argues that Microsoft also deserves some of the blame because of its continued support for an old encryption technology.

According to Wyden, an Ascension contractor downloaded the malware after searching with Microsoft’s Bing search engine, which Microsoft’s Edge web browser uses by default. “The contractor clicked a malicious link from one of the search results, which resulted in them inadvertently downloading and opening malware.”
The malware, installed on the contractor’s laptop, then gave the hackers a way to infiltrate the Ascension network and eventually spread ransomware to thousands of other computers at the healthcare provider.
The problem is that Microsoft may have prevented this breach if it had addressed an encryption risk in the company’s software known as “Kerberoasting.” Thanks to this flaw, the hackers succeeded in cracking accounts and obtaining administrative privileges on the Microsoft Active Directory server, which is used to manage user accounts and applications on a company’s network.
Kerberoasting allows attackers to exploit weak, outdated encryption and steal Active Directory passwords, which is what Wyden is now calling out. He wrote, “This hacking technique takes advantage of Microsoft’s continued support for an encryption technology from the 1980s called RC4 that federal agencies and cybersecurity experts, including experts working for Microsoft, consider unsafe.”
He added, “According to Microsoft, this risk can be reduced by setting long passwords that are at least 14 characters long, but Microsoft’s software does not require such password lengths for privileged accounts.”
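A defender-side check for the exposure described above, as an added example that is not from the article, Wyden's letter or Microsoft: it flags accounts with a service principal name that can still be issued RC4 Kerberos tickets (via the `msDS-SupportedEncryptionTypes` attribute) and service-ticket events (ID 4769) issued with RC4 (type 0x17). The account names, hosts and events are constructed sample data, and the dictionary layout assumes an export keyed by the AD attribute and event field names; unset encryption types are reported because the KDC default has historically included RC4.

```python
# Added example: every account, host and event below is constructed sample data.
RC4_BIT = 0x04     # RC4-HMAC bit in msDS-SupportedEncryptionTypes
ETYPE_RC4 = 0x17   # RC4-HMAC ticket encryption type in event 4769

def rc4_exposed_accounts(accounts):
    """Return (name, reason) for SPN-bearing accounts that may get RC4 tickets."""
    findings = []
    for acct in accounts:
        if not acct.get("servicePrincipalName"):
            continue  # no SPN: no service ticket is issued for this account
        enc = acct.get("msDS-SupportedEncryptionTypes") or 0
        if enc and not enc & RC4_BIT:
            continue  # encryption types are set and the RC4 bit is not among them
        reason = "RC4 allowed" if enc else "encryption types unset, KDC default applies"
        if acct.get("adminCount") == 1:
            reason += " (privileged)"
        findings.append((acct["sAMAccountName"], reason))
    return findings

def rc4_ticket_requests(events):
    """Return (requester, service) for 4769 events issued with RC4."""
    hits = []
    for ev in events:
        service = ev.get("ServiceName", "")
        if ev.get("EventID") != 4769 or service.endswith("$") or service.lower() == "krbtgt":
            continue  # skip other events, machine accounts and krbtgt
        if int(ev["TicketEncryptionType"], 16) == ETYPE_RC4:
            hits.append((ev["TargetUserName"], service))
    return hits

SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "svc-sql", "servicePrincipalName": ["MSSQLSvc/db01.example.test:1433"],
     "msDS-SupportedEncryptionTypes": None, "adminCount": 1},
    {"sAMAccountName": "svc-web", "servicePrincipalName": ["HTTP/web01.example.test"],
     "msDS-SupportedEncryptionTypes": 0x1C},
    {"sAMAccountName": "svc-backup", "servicePrincipalName": ["backup/bk01.example.test"],
     "msDS-SupportedEncryptionTypes": 0x18},
    {"sAMAccountName": "alice", "servicePrincipalName": []},
]
SAMPLE_EVENTS = [
    {"EventID": 4769, "TargetUserName": "jdoe@EXAMPLE.TEST", "ServiceName": "svc-sql", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TargetUserName": "jdoe@EXAMPLE.TEST", "ServiceName": "WEB01$", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TargetUserName": "asmith@EXAMPLE.TEST", "ServiceName": "svc-backup", "TicketEncryptionType": "0x12"},
]

if __name__ == "__main__":
    for finding in rc4_exposed_accounts(SAMPLE_ACCOUNTS) + rc4_ticket_requests(SAMPLE_EVENTS):
        print(finding)
```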
After the Ascension breach, Wyden said his staff spoke to Microsoft in July 2024 and urged it to warn enterprise users about the risk of Kerberoasting, which the company did in October. At that time, the blog post also said that Microsoft plans to deprecate RC4 and disable it by default in “Windows 11 24H2 and Windows Server 2025 in future updates.”
But in his letter, Wyden wrote: “Eleven months later, Microsoft has not yet released the security update it promised.” He also faulted the company for doing very little to promote its blog post on the risk of Kerberoasting. “Thus, it is likely that most companies, government agencies and nonprofits that are Microsoft users are exposed to Kerberoasting,” he said.
However, Microsoft pushed back on Wyden’s letter, telling PCMag: “RC4 is an old standard, and we discourage its use both in how we engineer our software and in our documentation to users – that’s why it is less than our traffic.”
The company added, “However, disabling its use completely would break many customer systems. For this reason, we are on a path to gradually reduce the extent to which customers can use it, while providing strong warnings against it and advice on using it in the safest ways possible. We have it on our roadmap to ultimately disable its use.”
In the meantime, Microsoft said that RC4 has been disabled for any new installations of Active Directory domains using Windows Server 2025. The company added, “We plan to add additional mitigations for current in-market deployments, with consideration for compatibility and the continuity of important customer services.”
This is not the first time Wyden has criticized Redmond for alleged security failures. In 2023, he also demanded a federal inquiry into the company after state-sponsored hackers breached US government systems, in part by exploiting Microsoft software.
In his latest letter, Wyden added: “The Ascension hack illustrates how it is Microsoft’s users, and ultimately the public, who bear the cost of Microsoft’s dangerous software engineering practices and urge the company to adopt important cybersecurity safeguards.”
The FTC did not immediately respond to a request for comment.
About Michael Kan
Senior Reporter

