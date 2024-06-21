The major SolarWinds hack affected thousands of companies a few years ago, leaving several cybersecurity systems vulnerable. But a new report implies that Microsoft had a significant role to play in the flaw that led to that eventual cyberattack. ProPublica released a report on June 14, which discovered a flaw in a Microsoft product, used by millions to log on to their work computers, that “could allow attackers to masquerade as legitimate employees and rummage through victims’ ‘crown jewels’ − national security secrets, corporate intellectual property, embarrassing personal emails − all without tripping alarms.”

While this vulnerability is concerning, it's not that surprising, say some experts.

“When profit motives take precedence over security, it creates significant vulnerabilities that can be exploited by sophisticated actors like nation-states,” Omri Weinberg, co-founder and CRO of DoControl said. “The fallout from this could be substantial, impacting not only Microsoft’s reputation, but also the broader trust in cloud services and enterprise software providers. It’s a stark reminder for all organizations to rigorously evaluate the security measures of their technology partners, and insist on transparency and accountability in how they handle potential threats.”

A part of a statement Microsoft sent us reads: "Security assertion markup language (SAML) is an industry standard for authentication supporting the majority of authentication and multiple vendors' identity services today. There are not inherent vulnerabilities in that standard, and supporting SAML itself is not a vulnerability for identity services. Many customers use SAML as the industry-standard authentication protocol to delegate trust between systems. As with others across the industry, we continue to offer that functionality to our customers, while emphasizing the importance of securing the systems that are the root of that trust.”

Read more about the breach and its implications.