Wyden asks FTC to investigate Microsoft security
Public Sector Action
Summary
U.S. Senator Ron Wyden asked the FTC to investigate Microsoft over alleged gross cybersecurity negligence, escalating scrutiny of Microsoft product security and its link to ransomware risk for U.S. health care organizations. The letter says weaknesses in Microsoft products contributed to attacks including the 2024 Ascension Health ransomware breach. That breach compromised data from 5.6 million patients after a contractor clicked a malicious Bing Search result in Microsoft Edge, enabling a Kerberoasting attack. Microsoft said it discourages RC4 use and is working to remove it gradually.
Related Happenings
MuddyWater Microsoft Teams social-engineering campaign with Chaos ransomware decoy
Campaign
First: 06.05.2026 16:02
Last: 06.05.2026 16:02
Sources 1
About this happening:
The **MuddyWater** campaign used **Microsoft Teams** social engineering and a **Chaos ransomware** decoy to gain access, steal credentials, and establish persistence. The operatio...
Code of conduct-themed Microsoft AiTM phishing campaign
Campaign
First: 05.05.2026 09:35
Last: 05.05.2026 09:35
Sources 1
About this happening:
A **large-scale phishing campaign** used code of conduct-themed lures and **legitimate email services** to push victims to attacker-controlled domains and steal **authentication t...
Windows Task Host link-following privilege escalation (CVE-2025-60710)
Vulnerability
First: 15.04.2026 17:51
Last: 15.04.2026 17:51
Sources 1
About this happening:
CISA added **CVE-2025-60710** to its actively exploited catalog after finding a **Windows Task Host** link-following flaw that can let **local attackers** escalate to **SYSTEM** o...
Microsoft April 2026 Patch Tuesday security update (165 CVEs)
Security Patch Release
First: 15.04.2026 00:22
Last: 15.04.2026 00:22
Sources 1
About this happening:
**Microsoft** shipped **April 2026 Patch Tuesday** updates covering **165 CVEs**, including an **actively exploited zero-day** and a **publicly disclosed** flaw, creating immediat...
Microsoft SharePoint Server spoofing vulnerability (actively exploited) (CVE-2026-32201)
Vulnerability
First: 14.04.2026 20:41
Last: 14.04.2026 20:41
Sources 1
About this happening:
Microsoft patched **CVE-2026-32201** in **Microsoft SharePoint Server**, a **spoofing vulnerability** that was **exploited in attacks** and could affect **confidentiality** and **...
Timeline
11.09.2025 22:23 2 articles · 8mo ago
Wyden asks FTC to investigate Microsoft
Legal Policy Action Update
U.S. Senator Ron Wyden sent a letter to the Federal Trade Commission requesting an investigation into Microsoft over alleged gross cybersecurity negligence in its products, arguing that weak security practices contributed to ransomware risk for U.S. health care organizations and critical infrastructure. The letter cites the May 2024 Ascension Health ransomware breach, which compromised data of 5.6 million patients, and says the attack chain involved a contractor clicking a malicious Bing Search result in Microsoft Edge, enabling a Kerberoasting attack against Microsoft Active Directory. Wyden’s office says it spoke with Microsoft in July 2024 about replacing RC4 with stronger options such as AES 128/256, and Microsoft later said it discourages RC4 use, is working to remove it gradually, and has engaged with the senator’s office on the issue.
Sources
- U.S. Senator accuses Microsoft of “gross cybersecurity negligence” — www.bleepingcomputer.com — 11.09.2025 22:23