Another Microsoft Cybersecurity Fail

4 Jul 2024

Microsoft is back in the news, with more cybersecurity flubs. It appears that once again they have allowed security certificates to expire for their software.

I was getting errors last week from my anti-malware software, indicating a security problem with the Microsoft Office apps. It seems that two of their security certificates, which protect communications between Microsoft and the apps, had expired. These are foundational controls for securing products. It is common for them to be set to expire only after several years, so it is not very difficult to keep them up-to-date. Every major software vendor keeps their certificates current, without much of a problem.

So, this should not have happened!

More technical details can be found here:

With all the recent hacks and insecure product feature choices, Microsoft is losing trust with its customers. It was even called before Congress again for security issues.

In the greater scheme of things, the expiring certificates are not a big risk, as they can quickly be rectified. But the fact that the practice is so basic and yet continues to be a problem (this is not the first time) conveys that Microsoft continues to have systemic issues when it comes to the security of their products.

I hugely respect Microsoft as a company and tech innovator, but the warning bells are ringing louder every day when it comes to security and, by association, trust.

I think it is time that Satya Nadella, the CEO of Microsoft, step in and institute leadership changes that will address the myriad of strategic cybersecurity problems.

...anyone want to step up and send him a note?

