Former employee says software giant dismissed his warnings about a critical flaw because it feared losing government business. Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others.
To be fair, they’ve handled security excellently on their Xbox consoles. 360 still hasn’t had a software exploit after the King Kong exploit was patched (and even then, it needed a DVD drive that could play burned discs), and it was only recently that an Xbox One and Series kernel exploit was found, and that’s limited to the SystemOS VM.
Basically, shove everything in virtual machines and it’ll probably be fine. QubesOS does a very similar thing on the desktop side. If no running programs can access the host OS, then it’s very unlikely that code execution on the host OS can occur, save for the very rare hypervisor escape exploits.
On Windows, macOS, and most Linux distros, everything runs on the host OS.
If only the feds had some inkling, based on decades of history, that Microsoft might not manage security well…
/s
All sarcasm aside, I wonder if there will be consequences for the dismissed warnings. I’m hoping so, because this is thoroughly inexcusable.
I appreciate the former employee for speaking out.
To be fair, they’ve handled security excellently on their Xbox consoles. 360 still hasn’t had a software exploit after the King Kong exploit was patched (and even then, it needed a DVD drive that could play burned discs), and it was only recently that an Xbox One and Series kernel exploit was found, and that’s limited to the SystemOS VM.
Basically, shove everything in virtual machines and it’ll probably be fine. QubesOS does a very similar thing on the desktop side. If no running programs can access the host OS, then it’s very unlikely that code execution on the host OS can occur, save for the very rare hypervisor escape exploits.
On Windows, macOS, and most Linux distros, everything runs on the host OS.