A prominent US senator has called on the Federal Trade Commission to investigate Microsoft for “gross cybersecurity negligence,” citing the company’s continued use of an obsolete and vulnerable form of encryption that Windows uses by default.

In a letter to FTC Chairman Andrew Ferguson, Sen. Ron Wyden (D–Ore.) said an investigation his office conducted into the 2024 ransomware breach of the health care giant Ascension found that the default use of the RC4 encryption cipher was a direct cause. The breach led to the theft of medical records of 5.6 million patients.

It’s the second time in as many years that Wyden has used the word “negligence” to describe Microsoft’s security practices.

Read full article

Comments

Origianl Creator:
Dan Goodin

Original Link: https://arstechnica.com/security/2025/09/senator-blasts-microsoft-for-making-default-windows-vulnerable-to-kerberoasting/
Originally Posted: Wed, 10 Sep 2025 19:38:13 +0000