Wyden Urges FTC to Investigate Microsoft Over Weak RC4 Encryption Enabling Kerberoasting
gbhackers
Senator Ron Wyden has formally requested the Federal Trade Commission investigate Microsoft for cybersecurity negligence that has enabled ransomware attacks against critical infrastructure organizations nationwide.
In a September 10 letter to FTC Chair Andrew Ferguson, Wyden detailed how Microsoft’s dangerous software engineering decisions have made Windows systems extremely vulnerable to sophisticated cyberattacks.
The senator’s investigation centered on the 2024 ransomware attack against Ascension, one of America’s largest non-profit healthcare systems.
According to Wyden’s findings, the attack began when an Ascension contractor clicked on a malicious link while using Microsoft’s Bing search engine through the Edge browser.
This single action ultimately compromised thousands of computers across the healthcare network and exposed sensitive data belonging to 5.6 million patients.
Kerberoasting Technique Exploits Outdated RC4 Encryption
The hackers successfully employed a technique called Kerberoasting to escalate their privileges within Ascension’s Microsoft Active Directory server.
This attack ...
Copyright of this story solely belongs to gbhackers.