Microsoft was reported by ProPublica to have ignored warnings by former employee Andrew Harris regarding the presence of the Golden SAML vulnerability in its Active Directory Federation Services offering years before it had been leveraged to facilitate the widespread SolarWinds software supply chain hack in 2020, according to CRN.With the infection of SolarWinds Orion software resulting in the compromise of numerous organizations around the world, including the National Nuclear Security Administration and the National Institutes of Health, more urgent Microsoft action may have helped avert Golden SAML flaw exploitation, noted the ProPublica report, the findings of which were not challenged by Microsoft.However, Microsoft emphasized the absence of "inherent vulnerabilities" in the SAML standard and that its implementation does not pose a security issue to identity services."Our security response team takes all security issues seriously and gives every case due diligence with a thorough manual assessment, as well as cross-confirming with engineering and security partners. Our assessment of this issue received multiple reviews and was aligned with the industry consensus," said Microsoft.
Network Security, Critical Infrastructure Security, Threat Intelligence
Report: Vulnerability in SolarWinds hack dismissed by Microsoft

(Adobe Stock)
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



