The vulnerabilities within Microsoft programs could be dangerous for hospitals and health systems that employ the tech giant's services.
Here is a roundup of the most notable Microsoft vulnerabilities Becker's Hospital Review has covered in 2020 so far.
- In January, the National Security Agency discovered a flaw in the digital signatures that Microsoft's Windows 10 operating system uses to help prevent malware from being downloaded onto a computer. If exploited, the flaw would allow hackers to download malware onto the computer without being detected.
- Microsoft released a notice Jan. 22 about a data breach within an internal customer support database used for support case analytics. The notice came after the company discovered that a change within the database's network security group had misconfigured security rules in December.
- The IBM X-Force Threat Intelligence Index 2020, released Feb. 11, cited various vulnerabilities in older versions of Microsoft Office and Windows servers that hackers are exploiting.
- Hospitals and health systems that continue to run their computers on Windows 7 could be left vulnerable after Microsoft ended its support for the operating system Jan. 14.
- In April, Microsoft warned dozens of hospitals about vulnerabilities within the virtual private networks that they use to assist their remote staff. The tech giant said "human-level" ransomware attackers could exist on a victim's network for months undetected.
- In April, Microsoft fixed a vulnerability in Microsoft Teams that would have allowed hackers to tap into a subdomain takeover flaw using a malicious GIF that extracts personal user data from the workplace communication platform.
- In May, the FBI, the Cybersecurity and Infrastructure Security Agency, and the U.S. government developed a list of the vulnerabilities most routinely exploited by cyberattackers. Seven out of the 10 most exploited vulnerabilities involved Microsoft.