The Register: Senator blasts Microsoft for ‘dangerous, insecure software’ that helped pwn US hospitals

Source URL: https://www.theregister.com/2025/09/11/wyden_microsoft_insecure/
Source: The Register
Title: Senator blasts Microsoft for ‘dangerous, insecure software’ that helped pwn US hospitals

Feedly Summary: Ron Wyden urges FTC to probe failure to secure Windows after attackers used Kerberoasting to cripple Ascension
Microsoft is back in the firing line after US Senator Ron Wyden accused Redmond of shipping “dangerous, insecure software” that helped cybercrooks cripple one of America’s largest hospital networks.…

Summary: The text highlights a concern raised by US Senator Ron Wyden regarding Microsoft’s security failures, particularly tied to Windows software vulnerabilities exploited through a technique called Kerberoasting. This situation not only puts Microsoft in a challenging position but also underscores the broader implications for organizations relying on the infrastructure for healthcare and sensitive data management.

Detailed Description:

– The text reveals significant allegations against Microsoft regarding its security practices.
– US Senator Ron Wyden called for the Federal Trade Commission (FTC) to investigate the company’s failure to secure its Windows operating system, which was exploited in a cyberattack.
– The specific technique mentioned, Kerberoasting, is commonly used by attackers to compromise service accounts, thereby gaining access to vulnerable systems.
– This incident directly impacted Ascension, one of the largest healthcare networks in the United States, emphasizing the critical need for robust security in sectors that handle sensitive personal health information.

**Key Implications:**
– The events portray a failure in security infrastructure that has severe consequences in critical sectors, such as healthcare, which may trigger compliance and regulatory scrutiny.
– There is a pressing need for vigilance in software security and the implementation of robust controls to mitigate vulnerabilities inherent in widely used platforms like Windows.
– The demand from a high-ranking political figure signals potential future regulatory actions that could reshape software development practices, especially in relation to security accountability.

**Recommendations for Professionals:**
– Security teams should assess their environment for vulnerabilities related to widely used software and stay informed about exploits such as Kerberoasting.
– Organizations must implement security best practices, including regular updates, rigorous patch management, and incident response planning.
– Proactive engagement with compliance frameworks and security standards can help to align organizational practices with regulatory expectations in light of these events.