Botched and silent patches from Microsoft put customers at risk, critics say

by
Dan Goodin
from Ars Technica - All content on (#60C8Q)
microsoft-800x533.jpg

Enlarge (credit: Drew Angerer | Getty Images)

Blame is mounting on Microsoft for what critics say is a lack of transparency and adequate speed when responding to reports of vulnerabilities threatening its customers, security professionals said.

Microsoft's latest failing came to light on Tuesday in a post that showed Microsoft taking five months and three patches before successfully fixing a critical vulnerability in Azure. Orca Security first informed Microsoft in early January of the flaw, which resided in the Synapse Analytics component of the cloud service and also affected the Azure Data Factory. It gave anyone with an Azure account the ability to access the resources of other customers.

From there, Orca Security researcher Tzah Pahima said, an attacker could:

Read 8 remaining paragraphs | Comments

index?i=aCfxk-UOH9o:5FgxSMol4IU:V_sGLiPB index?i=aCfxk-UOH9o:5FgxSMol4IU:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments