Microsoft, Security, and Blame: Playing the Same Record Again

July 24, 2025

This blog post is the work of an authentic dinobaby. Sorry. No smart software can help this reptilian thinker.

I have a dim memory of being at my friend’s house. His sister was playing “Catch a Falling Star” by Perry Como. My friend’s mother screamed, “Turn off that music. It’s driving me crazy.” The repetition, the loudness, and the sappiness were driving my friend’s mother insane. I didn’t care. I have the ability to tune out repetition, loud noise, and sappiness. My friend’s sister turned up the record player. Words did not work.

Those skills were required when I read “Microsoft Says Chinese Hackers Are Exploiting SharePoint Flaws.” The write up reports:

Microsoft Corp. accused Chinese hackers of exploiting vulnerabilities in its SharePoint software that have led to breaches worldwide in recent days.

What does one expect? Microsoft has marketed its software to government agencies and companies throughout the world. Hundreds of millions of people use its products and services. Students in computer science security classes learn how to probe its ubiquitous software for weak points. Professionals exploit hunters target software in wide use.

When a breach occurs, what tune does Microsoft put on the record player? The song is “Blame Game.” One verse is:

Let’s play the blame game, I love you more
Let’s play the blame game for sure
Let’s call out names, names, I hate you more
Let’s call out names, names, for sure

My dinobaby thought is that the source of the problem is not Chinese bad actors or thousands of Russian hackers or whatever assertion is presented to provide cover for a security failure.

Why not address the issue of Microsoft’s own quality control processes? Whatever happened to making security Job One? Oh, right, AI is the big deal. Well, if the AI is so good, why doesn’t Microsoft’s AI address these issues directly.

Maybe Microsoft is better at marketing than at software engineering? Now that’s a question worth exploring at the US government agencies now at risk of Microsoft’s own work processes.

Mothers can shout at their children. Microsoft issues PR speak about government intelligence agencies. News flash, Microsoft. Those actors know what big soft target to attack. Plus, they are not listening to your old tunes.

Stephen E Arnold, July 24, 2024

Written by Stephen E. Arnold · Filed Under cybersecurity, Microsoft, News

Comments

Got something to say?

Search the site
Subscribe to Beyond Search
Feature archive
News archive

Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.