Namely, the lack of “transparency”
Microsoft is increasingly being accused of what critics say lacks transparency and adequate responsiveness to reports of vulnerabilities that threaten its customers.
Previously, it took Microsoft five months and three patches before it successfully patched a critical vulnerability in Azure.
Orca Security first reported to Microsoft in early January about a defect that was in the Synapse Analytics component of the cloud service and also affected its data center. It made it possible for anyone with an Azure account to access the resources of other customers.
Despite the urgency of the vulnerability, Microsoft has been slow to realize its severity, according to Orca Security researcher Tzach Pakhima. The first two patches were released with bugs, and it wasn’t until Tuesday that Microsoft released an update that completely fixed the bug.
Cybersecurity firm Tenable told a similar story about Microsoft’s failure to transparently fix vulnerabilities that also affected Azure Synapse.