Microsoft's very bad year for security: A timeline

Microsoft has had a horrible 2021, with vulnerabilities impacting its biggest services.


Maxim estimates that approximately 80% of enterprises use Microsoft Active Directory “globally in some shape or form. Given that Active Directory serves as the repository for user authentication credentials (among other features) and that authentication credentials are a highly valuable data source for hackers, it is only natural that hackers continue to target Microsoft systems because any exploit that can be developed can be attempted against a broad number of sources.”

“Attackers choose their targets based on value, and the more popular a system or program is, the more valuable it is to a hacker,” says Eugene Kolodenker, staff security intelligence engineer and research team member at Lookout. “Additionally, due to Microsoft’s sophistication and complexity, it has a large attack surface, much of which is remotely accessible. A combination of popularity and a large remote accessible attack surface creates a perfect target.”

Martin Jartelius, CSO at Outpost24, adds: “The fact is that it’s rarely these products that are the source of the breach; a breach occurs elsewhere and then attackers move toward these most important integral parts of the organization.”

Microsoft’s response to security incidents

Reflecting on Microsoft’s response to and handling of security incidents, John Bambenek, principal threat hunter at Netenrich, says the company generally does a good job. “If anything, they probably have the finest-honed product security process around.”

Maxim concurs. “Given the ubiquity of their systems, keeping track of every possible vulnerability is an impossible task. Microsoft continues to invest in the security capabilities in its native offerings and through things like the Microsoft Threat Intelligence Center they continue to provide detailed analysis and investigations of emerging malware affecting their platform to keep enterprises informed and protected.”

However, while Microsoft has rapidly responded and promptly attempted to patch vulnerabilities, several recent patches have been incomplete, and this has led to widespread exploitation until successful completion of the patch, says Kolodenker. “Many Microsoft high-level vulnerabilities were discovered by legitimate security professionals, and only after initial patch release did rampant exploitation by attackers begin. This has been further exacerbated by public proof of concepts released before widespread adoption of the patch.”

This illustrates why organizations cannot rely solely on security updates and fixes from their service providers, however much clout those providers carry. They must shoulder part of the responsibility themselves, applying their own security controls to reduce the risk from exploitation of known vulnerabilities.

Jartelius champions a combination of preventative and reactive methods. “Just as we test our fire alarm systems on a recurring basis, we should test those security defenses and assumptions.” Companies that employ either internal or external teams to simulate real attacks while simultaneously practicing observing and responding to them often discover flaws that can be prevented relatively easily before they are targeted in the real world. “Most organizations struggle in keeping an experienced adversary, simulated or not, at bay,” he says.

Copyright © 2021 IDG Communications, Inc.
