Particle.news

Wyden Asks FTC to Investigate Microsoft Over Security Practices Tied to Ascension Attack

Wyden says default Windows settings tied to Ascension's 2024 breach warrant FTC scrutiny of Microsoft's security posture.

Overview

  • Wyden sent a Sept. 10 letter to FTC Chair Andrew Ferguson alleging “gross cybersecurity negligence” and urging the agency to hold Microsoft accountable for recent high‑impact breaches.
  • He cites Ascension’s May 2024 ransomware incident, reporting that a contractor clicked a malicious link served by Bing that led to access to the health system’s Microsoft Active Directory.
  • The complaint highlights Microsoft’s continued support for RC4 in default configurations, which security researchers say enables “kerberoasting” attacks that can facilitate ransomware intrusions.
  • Microsoft counters that RC4 represents less than 0.1% of its traffic, says it discourages use, and plans to disable RC4 by default in certain Windows products starting in the first quarter of 2026 with additional mitigations.
  • An FTC spokesperson acknowledged receipt of the request and declined further comment. Ascension has said the breach disrupted care and exposed data for roughly 5 to 5.6 million people.