The Microsoft Ignite conference began yesterday, and people have been wondering what exactly will come out of it. In the past few weeks, there has been plenty of negative news about the company due to multiple vulnerabilities plaguing its software. This is especially troubling because cybersecurity concerns are at an all-time high. So, will Microsoft address its cybersecurity issues and failures, or will the conference serve as little more than a PR show for those in attendance?
It is important to understand just how severe the problems are. Reports have indicated that Microsoft flaws are responsible for 20% of the top 20 vulnerabilities exploited by China.
In one instance, an exploit was used to create a malicious OAuth app. The hackers proceeded to spread misleading messages about various sweepstakes. The intent was to get individuals to hand over credit card information in order to sign up for a recurring subscription that would give them a chance to win a prize.
There have also been zero-day bugs. One known zero-day vulnerability allowed remote code execution if an attacker had access to PowerShell, giving threat actors a clear advantage. Another was a Server-Side Request Forgery vulnerability, which was also being exploited. The worst part was that neither saw a clear and immediate fix.
Microsoft Exchange servers are used by government facilities and others dealing with sensitive information. Therefore, the fact that such vulnerabilities can be leveraged to access those servers is a major problem. Microsoft even acknowledged that hackers were taking advantage of the exploits to hack into networks and steal data.
Even now, vulnerabilities are causing problems, and they have led to a US defense contractor being hacked. The advanced persistent threat (APT) actor gained access to the defense industrial base (DIB) organization by exploiting Microsoft Exchange. Moreover, the attackers had access for a year before the intrusion was detected.
Another problem that appeared was the Microsoft PowerPoint “mouseover” malware. While the vulnerability has reportedly been fixed via a Microsoft update, it was running rampant for quite some time.
A Russian state-sponsored threat actor used code that made mouse movement in Microsoft PowerPoint presentations trigger a malicious PowerShell script. Anyone who has not installed the update is still vulnerable.
Russia is not the only country sponsoring such attacks. The North Korea-sponsored Lazarus threat group also caused problems, infecting legitimate open-source software with trojans and then using that software to gain backdoor access. Industries affected include tech, defense, and media.
Microsoft SQL servers have also been exploited, succumbing to FARGO ransomware. The ongoing campaign looked to infect as many servers as possible, targeting those with weak passwords. SQL servers have also been affected by another piece of malware called Maggie. By the time the news came out, hundreds of machines were affected around the world.
Cryptojacking has also made the news recently, and it is thriving due to a vulnerability in OneDrive.
While vulnerabilities and bugs are expected with software development, they can have serious consequences. Moreover, oftentimes the response leaves much to be desired. Therefore, it leaves one wondering whether Microsoft will address its cybersecurity issues and failures, at the Ignite conference or otherwise.