Microsoft is facing growing criticism for what many are calling “grossly irresponsible” security practices following the recent ransomware attack involving the use of Microsoft Exchange Server. The attack invaded the systems of some of the world’s biggest companies, including the prominent security firm FireEye, resulting in the leaking of their sensitive data.
Microsoft was recently forced to admit fault following the hack, conceding that it was caught with its “security pants down.” This statement came after it emerged that Microsoft had failed to heed long-standing warnings that its Exchange Server had serious vulnerabilities that needed to be addressed.
Microsoft’s lax approach to security has been decried by security professionals. According to Ken Pfeil, VP of cybersecurity at FireEye, “Security is a fundamental building block in both the public and private sector and never more so than for technology suppliers…We’re disappointed.” Pfeil blames the “incomplete patching” by Microsoft for the incident and insists that it’s unacceptable that such a major tech company would be guilty of such “gross negligence.”
Ultimately, the widespread criticism towards Microsoft comes down to the fact that the tech giant has taken an alarmingly lax approach to security. For years it has failed to issues patches for security vulnerabilities in its Exchange Server, despite numerous warnings about potential abuses.
As a result, Microsoft now finds itself under considerable pressure and the spotlight of public scrutiny. It remains to be seen how it will respond to the mounting criticism and whether or not it will take steps to improve its security protocols. In the meantime, security experts are imploring Microsoft to take responsibility for its actions and act with the proper diligence going forward.