Close Menu

    Subscribe to Updates

    Get the latest tech news from Tallwire.

      What's Hot

      Social Media Ban Proposal Sparks Fears of Collateral Damage for Educational Technology Firms

      July 16, 2026

      Washington’s Intel Gamble Begins Delivering Strategic Results

      July 16, 2026

      U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

      July 16, 2026
      Facebook X (Twitter) Instagram
      • Tech
      • AI
      • Get In Touch
      Facebook X (Twitter) LinkedIn
      TallwireTallwire
      • Tech

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

        July 14, 2026

        AI Protesters March on Silicon Valley Giants Demanding Development Freeze

        July 14, 2026
      • AI

        Washington’s Intel Gamble Begins Delivering Strategic Results

        July 16, 2026

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Record Industry Pushes for AI Labels on Streaming Music

        July 15, 2026

        AI Chatbots Increasingly Clash With Eating Disorder Treatment

        July 15, 2026
      • Security

        Social Media Ban Proposal Sparks Fears of Collateral Damage for Educational Technology Firms

        July 16, 2026

        China’s AI Distillation Campaign Raises New Concerns Over U.S. Technology Security

        July 13, 2026

        AI Tools Increasingly Exploited by Terrorist Organizations, New Research Finds

        July 13, 2026

        Pentagon Expands Engineering Recruitment to Restore America’s Military Technology Edge

        July 13, 2026

        EU Lawmakers Advance Controversial Private Message Scanning Measure Despite Mounting Privacy Concerns

        July 12, 2026
      • Health

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        AI Chatbots Increasingly Clash With Eating Disorder Treatment

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Humanoid Robots Complete First Live Surgical Procedures in Medical Milestone

        July 14, 2026

        Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

        July 14, 2026
      • Science

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Scientists Advance “StormWall” Concept to Defend Earth from Catastrophic Solar Storms

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Humanoid Robots Complete First Live Surgical Procedures in Medical Milestone

        July 14, 2026
      • Tech

        AI Protesters March on Silicon Valley Giants Demanding Development Freeze

        July 14, 2026

        Palo Alto Networks CEO Warns AI Costs Must Plunge Before Enterprise Adoption Can Accelerate

        July 14, 2026

        DeepMind Unionization Effort Encounters Early Resistance as Labor Talks Stall

        July 11, 2026

        Always-On Workplace Culture Pushes Employees Toward the Breaking Point

        July 10, 2026

        High-Income Families Embrace AI-Driven Schools as Alternative Education Expands

        July 9, 2026
      TallwireTallwire
      Home»Tech»Senator Pushes FTC to Investigate Microsoft for ‘Gross Cybersecurity Negligence’
      Tech

      Senator Pushes FTC to Investigate Microsoft for ‘Gross Cybersecurity Negligence’

      Updated:February 21, 20264 Mins Read
      Facebook Twitter Pinterest LinkedIn Tumblr Email
      Senator Pushes FTC to Investigate Microsoft for 'Gross Cybersecurity Negligence'
      Senator Pushes FTC to Investigate Microsoft for 'Gross Cybersecurity Negligence'
      Share
      Facebook Twitter LinkedIn Pinterest Email

      U.S. Senator Ron Wyden (D-Ore.) has formally requested the Federal Trade Commission (FTC) open an investigation into Microsoft, arguing that the tech giant’s cyber-security practices amount to “gross negligence” and pose a serious national security risk. In a September 10, 2025 letter to FTC Chair Andrew Ferguson, Wyden accuses Microsoft of delivering “dangerous, insecure software” to the U.S. government and critical infrastructure sectors, especially healthcare. Central to his concerns are default insecure settings in Windows, continued support for the outdated RC4 encryption standard, and failure to require long enough passwords for privileged accounts—factors which he alleges enabled the 2024 ransomware attack on Ascension Healthcare, affecting 5.6 million patients. Wyden also criticizes Microsoft for not promptly disabling RC4, for providing guidance in overly technical language to a small audience rather than broadly warning its users, and for profiting from cybersecurity add-ons while its core software remains vulnerable. Microsoft has responded that RC4 usage is minimal (under 0.1% of traffic), that disabling it completely risks compatibility breaks, and that it plans to disable RC4 by default in certain Windows Server 2025 installations in early 2026; meanwhile mitigation for existing systems will be added. 

      Sources: Office of US Sen. Ron Wyden, IT Pro, CyberScoop

      Key Takeaways

      – Outdated defaults matter: Microsoft’s default configurations, including support for the RC4 encryption protocol and insufficiently strong password policies for privileged accounts, are central to Senator Wyden’s argument that the company’s product security posture is leaving critical infrastructure vulnerable.

      – Real-world consequences: The 2024 ransomware incident at Ascension Healthcare is cited as a concrete example illustrating how weak defaults, combined with phishing via Microsoft’s services (Bing/Edge), allowed attackers to gain privileged access and compromise patient data.

      – Regulatory scrutiny and response timeline: Wyden is pushing the FTC to hold Microsoft accountable; Microsoft has committed to disabling RC4 by default in certain new server setups by early 2026, but critics argue the pace and communication have been too slow and that broader mitigation is still needed.

      In-Depth

      Senator Ron Wyden has escalated his criticism of Microsoft, demanding that the Federal Trade Commission (FTC) investigate what he describes as “gross cybersecurity negligence.” His September 2025 letter argues that Microsoft’s long-standing default settings, engineering choices, and slow movement away from obsolete encryption standards have created exploitable gaps in critical infrastructure defenses—primarily in healthcare—but also affecting government systems broadly.

      According to Wyden, Microsoft’s software design, especially its defaults and support for antiquated protocols like RC4, have enabled serious threats, including the 2024 ransomware breach at Ascension Healthcare, which resulted in the exposure of sensitive data for 5.6 million patients after a contractor unintentionally introduced malware via a malicious Bing search link.

      The senator’s central contention is that Microsoft, by not making more secure configurations the default, shifts the burden of security onto customers—many of whom lack the technical bandwidth to audit, change, or maintain hardened settings. Wyden argues this dynamic is especially problematic given Microsoft’s de facto dominance in enterprise operating systems and identity management tools like Active Directory.

      In his view, when one entity controls so much of the architecture, its choices about defaults, encryption, and backwards compatibility ripple outward, influencing systemic risk. To this point, Wyden highlights Kerberoasting—an attack that abuses weak or legacy encryption in Kerberos ticketing systems—together with weak password requirements, as vectors that remain open because Microsoft hasn’t required usage of stronger encryption (e.g. AES) or eliminated RC4 broadly and more rapidly.

      Microsoft, in turn, defends its position by noting that RC4 is rarely used in practice (under 0.1% of traffic), that removing or disabling it entirely risks breaking compatibility with existing systems, and that the company has placed on its roadmap the phasing out of RC4 and other mitigations. It also points out that, technically, organizations can choose stronger settings—it’s just not the default. Nonetheless, Wyden contends that merely offering the possibility of stronger security, without making it standard, is insufficient given real consequences of weak settings: compromised networks, stolen data, and disruption of public health services.

      As this debate unfolds, the questions are not simply whether Microsoft’s engineering roadmap is improving, but whether regulatory bodies like the FTC should intervene to shift incentives, enforce more secure defaults, and hold dominant platform providers to greater responsibility for the downstream risks of their software engineer­ing decisions.

      Microsoft Ransomware
      Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
      Previous ArticleSen. Klobuchar Pushes Tougher Deepfake Rules — Federal Law Follows
      Next Article Senior Developers Now Spending Most of Their Time Babysitting AI Code

      Related Posts

      U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

      July 16, 2026

      Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

      July 15, 2026

      Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

      July 15, 2026

      Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

      July 14, 2026
      Add A Comment
      Leave A Reply Cancel Reply

      Editors Picks

      U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

      July 16, 2026

      Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

      July 15, 2026

      Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

      July 15, 2026

      Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

      July 14, 2026
      Popular Topics
      Space SpaceX Tesla Cybertruck Viral Stocks Software Satellite starlink Series A trending Series B Sundar Pichai Tim Cook Taiwan Tech Satya Nadella spotlight UAE Tech Startup Tesla Samsung
      Major Tech Companies
      • Apple News
      • Google News
      • Meta News
      • Microsoft News
      • Amazon News
      • Samsung News
      • Nvidia News
      • OpenAI News
      • Tesla News
      • AMD News
      • Anthropic News
      • Elbit News
      AI & Emerging Tech
      • AI Regulation News
      • AI Safety News
      • AI Adoption
      • Quantum Computing News
      • Robotics News
      Key People
      • Sam Altman News
      • Jensen Huang News
      • Elon Musk News
      • Mark Zuckerberg News
      • Sundar Pichai News
      • Tim Cook News
      • Satya Nadella News
      • Mustafa Suleyman News
      Global Tech & Policy
      • Israel Tech News
      • India Tech News
      • Taiwan Tech News
      • UAE Tech News
      Startups & Emerging Tech
      • Series A News
      • Series B News
      • Startup News
      Tallwire
      Facebook X (Twitter) LinkedIn Threads Instagram RSS
      • Tech
      • Entertainment
      • Business
      • Government
      • Academia
      • Transportation
      • Legal
      • Press Kit
      © 2026 Tallwire. Optimized by ARMOUR Digital Marketing Agency.

      Type above and press Enter to search. Press Esc to cancel.