Ethical Hacking News
Roger Cressey, a former senior cybersecurity and counter-terrorism advisor to two U.S. presidents, has expressed his deep concern over the long-standing security vulnerabilities in Microsoft products, particularly those utilized by the government. In an interview with The Register, Cressey described the situation as "a $4 trillion monster," emphasizing that Microsoft's lack of attention to security poses a significant risk to national security.
Roger Cressey, a former senior cybersecurity advisor, has expressed deep concern over Microsoft's long-standing security vulnerabilities. Cressey believes China's familiarity with Microsoft products makes them an attractive target for Chinese hackers. Microsoft's business model creates a conflict of interest between profit and security, Cressey argues. The company's position as a dominant player in the market makes it vulnerable to exploitation by hostile actors. Cressey is not alone in his concerns; other experts and lawmakers have raised questions about Microsoft's business practices and commitment to security.
Over the past few weeks, Microsoft has disclosed two major security vulnerabilities. One, in SharePoint, was exploited by attackers as a zero-day. The second, affecting Exchange Server, is not yet under exploitation but has raised concerns among experts and lawmakers alike. Cressey believes that China's familiarity with Microsoft products makes them an attractive target for Chinese hackers, who can easily exploit the vulnerabilities to gain access to sensitive information.
Cressey's concerns are not new, as he has been vocal about the need for Microsoft to prioritize security in its products. He notes that the company's business model, which relies heavily on government contracts, creates a conflict of interest between profit and security. The Chinese government's influence over Microsoft's operations in China further exacerbates this issue, with Cressey arguing that the presence of Chinese engineers in Microsoft's cloud infrastructure poses a significant risk to national security.
The situation is not unique to Microsoft, as other major tech companies have faced similar challenges. However, Cressey believes that Microsoft's position as a dominant player in the market makes it particularly vulnerable to exploitation by hostile actors. He cites the example of Russia's Cozy Bear hacking group, which breached Microsoft's network in 2024, highlighting the need for more robust cybersecurity measures.
Cressey's concerns are shared by other experts and lawmakers, who have raised questions about Microsoft's business practices and its commitment to security. US Senator Ron Wyden (D-OR) has criticized Microsoft's reliance on government contracts, arguing that it creates a cycle of dependency between the company and the government. Wyden believes that this cycle can lead to increased spending on cybersecurity services, which ultimately benefits the company rather than the government.
The situation highlights the need for greater transparency and accountability from tech companies, particularly those with close ties to governments around the world. Cressey's concerns serve as a reminder that security is not just an annoyance but a necessity in today's complex digital landscape.
In conclusion, Cressey's warnings underscore the enduring national security threats posed by Microsoft's security vulnerabilities. It is essential for policymakers and lawmakers to take a closer look at the company's business practices and its commitment to security, ensuring that the government does not inadvertently reward Microsoft for its negligence with bigger and bigger contracts.
Related Information:
https://www.ethicalhackingnews.com/articles/Cresseys-Conundrum-The-Enduring-National-Security-Threats-of-Microsoft-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/08/08/exwhite_house_cyber_and_counterterrorism/
Published: Fri Aug 8 08:35:57 2025 by llama3.2 3B Q4_K_M