Microsoft Corporation (MSFT) continues to investigate the possible impacts to its own systems and products from the malicious code planted into Orion software from SolarWinds Corporation (SWI). Microsoft previously found “no evidence of access to production services or customer data,” as well as “no indications that our systems were used to attack others.”
More recently, Microsoft revealed that the hackers were able to view unspecified source code, but the company offered assurances that this did not create any “elevation of risk.”
Microsoft indicated that hackers have viewed some of its source code.
This seems to be related to the SolarWinds breach.
However, Microsoft sees no dangers to its systems or customers.
Statement From Microsoft
In a recent blog post, Microsoft states: “As we previously reported, we detected malicious SolarWinds applications in our environment, which we isolated and removed … Our investigation has, however, revealed attempted activities beyond just the presence of malicious SolarWinds code in our environment. This activity has not put at risk the security of our services or any customer data.”
Regarding the source code breach, Microsoft says: “[W]e do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn’t tied to elevation of risk.”
The statement continues: “As with many companies, we plan our security with an ‘assume breach’ philosophy and layer in defense-in-depth protections and controls to stop attackers sooner when they do gain access. We have found evidence of attempted activities which were thwarted by our protections.”
Significance for Investors
The full impact of the SolarWinds breach, which Microsoft refers to as “Solorigate,” remains an unfolding story, including its effect on Microsoft and the company’s customers. A cause for optimism is that Microsoft appears to be taking this issue very seriously, continues to investigate, and seems willing to be open about the effects on its own business.
Microsoft’s statement opens: “[W]e believe the Solorigate incident is an opportunity to work together in important ways, to share information, strengthen defenses and respond to attacks.” In conclusion, it promises: “As we learn more from our own internal investigation, and from helping customers, we will continue to improve our security products and share these learnings with the community.”