Does Microsoft share blame for the SolarWinds hack?

Critics, including a prominent U.S. senator, are pointing fingers at Microsoft for not warning customers about the Golden SAML security hole. Doing so might have headed off SolarWinds.


Editor's note: This story has been updated with the correct number of government agencies and private companies attacked.

In recent years, Microsoft has been at the forefront of the fight against governmental and foreign hacking, helping thwart countless attacks from Russian-linked attackers. It has publicly berated the US National Security Agency (NSA) for stockpiling software and hardware vulnerabilities so they can be exploited instead of working with companies to fix them. And it has called for an international agreement banning cyberattacks, modeled after the Geneva Convention, which bans many weapons.

But now Microsoft is being taken to task by critics, including a prominent US senator, for actions they say might have helped exacerbate the Russian-backed SolarWinds cyberattack against the US government and industry.

The question: Did Microsoft unintentionally abet the cyberstrike? To get at that answer, we need to first take a close look at the SolarWinds attack.

Inside SolarWinds
