A U.S. senator criticizes Microsoft for using outdated encryption technology, which contributed to a ransomware attack on Ascension Health. The attack highlighted significant vulnerabilities in Microsoft’s default security settings, prompting calls for improved cybersecurity measures. #Microsoft #Kerberoasting
Key points
- The ransomware attack on Ascension Health was linked to the use of insecure RC4 encryption supported by Microsoft.
- Senator Wyden called for an FTC investigation into Microsoft’s cybersecurity negligence regarding default encryption support.
- Microsoft indicated plans to disable RC4 encryption by default in future Windows Server releases by 2026.
- The attack exploited weak security practices, using a technique called Kerberoasting to access privileged accounts.
- The incident caused widespread hospital disruptions, leaked sensitive data, and raised concerns over Microsoft’s market dominance in enterprise software.
Read More: https://therecord.media/ascension-ransomware-attack-wyden-seeks-ftc-microsoft-investigation