Recently, US Senator Ron Wyden, a Democrat, sent a letter to the US Federal Trade Commission (FTC) alleging that Microsoft holds a near-monopolistic position in the enterprise IT sector. He strongly criticized the company’s cybersecurity negligence, labeling it a threat to national security.
Senator Wyden pointed out that rather than prioritizing the development of secure software, Microsoft profits by offering cybersecurity add-ons and services. He likened this practice to "an arsonist selling fire extinguishing services to victims." He further highlighted that Microsoft's Windows operating system contains vulnerabilities in its default security settings. Moreover, it still relies on the outdated RC4 encryption algorithm instead of adopting the more advanced AES encryption standard.
Additionally, although Microsoft advises users to set long passwords to mitigate risks, its software does not enforce this recommendation.
Senator Wyden cited the 2024 ransomware attack on Ascension, a non-profit healthcare organization, as a case in point. Hackers launched the attack via a Bing link, employed the "Kerberoasting" technique to compromise a contractor's laptop, gained administrator privileges, and stole data on millions of patients. He emphasized that Microsoft had pledged to discontinue RC4 nearly a year prior but has yet to make good on this promise.
Finally, Wyden called on the FTC to investigate Microsoft and hold the company accountable for the harm its software has caused to vital government and public infrastructure.