Microsoft slammed by Tenable exec for slow Azure vulnerability response

Microsoft has been accused by Tenable CEO Amit Yoran of negligent cybersecurity practices as evidenced by its slow response to a critical Azure vulnerability, which was discovered by Tenable on March 30, CyberScoop reports. Such a vulnerability, which has enabled access to the authentication secrets of a bank, was confirmed by Microsoft in early April but the company has only confirmed the release of a partial fix on July 6 following an update request sent by Tenable in late June. Tenable was later told by Microsoft that the vulnerability will be completely fixed by Sept. 28, a move which Yoran noted in a blog post to be "grossly irresponsible." "Microsoft is a pretty strategic problem in the security space given the pervasiveness of their software, of their infrastructure. I also think they have to be part of the solution," said Yoran. Yoran's remarks come after Microsoft has been called out for its negligence regarding the Chinese hacking of various U.S. officials' email accounts last month by Sen. Ron Wyden, D-Ore., who has already sought a Justice Department investigation into the matter.