Experts argue that Microsoft should provide fixes more often.
Several cybersecurity firms have chastised Microsoft for its allegedly delayed and opaque patching methods.
Both Orca Security and Tenable have been outspoken about how Microsoft handles high-severity issues. According to Orca Security, it has been trying to get Microsoft to fix a critical issue in Azure’s Synapse Analytics since January 2022. After much back and forth, as well as two failed attempts, the company finally managed to properly patch user endpoints in April.
Tenable has also expressed concern about the way the Synapse problem was handled. The company says it has experienced a lack of openness from Microsoft.
Slow Follina patch
Anyone using the Azure Synapse service could exploit both of these vulnerabilities. After assessing the situation, Microsoft chose to quietly patch one of the issues to minimize the danger. Almost months after the original vulnerability notification, the Microsoft Office 365 parent company paid heed to the seriousness of the security issue.
Microsoft was also chastised for its handling of the Follina vulnerability. It was only fixed after it had been actively exploited in the wild for more than seven weeks.
Researchers from the Shadow Chaser Group claim to have contacted Microsoft in April to inform it of the use of the Follina vulnerability. However, the software giant didn’t consider it a vulnerability until two weeks ago, for obscure reasons.
Whether it was slow or not, Microsoft did rectify the Azure flaw. The company is sincerely devoted to ensuring the safety of its consumers and thinks that security is a team sport. It claims to value its collaborations with the security community, which allow it to safeguard clients.
The deployment of a security update involves balancing quality and timeliness. Microsoft takes into account the need to minimize customer interruptions while strengthening security with such patches.