Report: Vulnerability in SolarWinds hack dismissed by Microsoft

ProPublica reported that Microsoft ignored warnings from former employee Andrew Harris about the Golden SAML vulnerability in its Active Directory Federation Services offering years before the flaw was leveraged to facilitate the widespread SolarWinds software supply chain hack in 2020, according to CRN. The infection of SolarWinds Orion software resulted in the compromise of numerous organizations around the world, including the National Nuclear Security Administration and the National Institutes of Health, and more urgent action by Microsoft may have helped avert exploitation of the Golden SAML flaw, noted the ProPublica report, the findings of which were not challenged by Microsoft.

Source: SC Magazine