‘Microsoft has become like an arsonist selling firefighting services to their victims’ says US senator, referring it to the FTC for a cybersecurity flaw, though Microsoft says it has a plan
By Andy Edser
12 September 2025
“There is one company benefiting from this status quo: Microsoft itself.”
US senator Ron Wyden has written a letter to the FTC requesting that the organisation investigate Microsoft for what he calls “gross cybersecurity negligence.” His complaint is primarily related to a form of encryption still supported by the company’s Windows operating system, which the senator’s office believes is vulnerable to ransomware attacks.
In the letter [PDF warning], Senator Wyden reveals that an investigation his office conducted into a ransomware breach of healthcare provider Ascension last year found that support of the RC4 encryption cipher was a direct contributor to the attack (via Ars Technica).
“Because of dangerous software engineering decisions by Microsoft, which the company has largely hidden from its corporate and government customers, a single individual at a hospital or other organization clicking on the wrong link can quickly result in an organization-wide ransomware infection,” said Wyden.
“Microsoft has utterly failed to stop or even slow down the scourge of ransomware enabled by its dangerous software.”
RC4, or Rivest Cipher 4, was developed in 1987 by mathematician and cryptographer Ron Rivest, and was considered a protected method of encryption until 1994, when it was compromised as a result of a leaked technical description. Despite this, RC4 was widely used in common encryption protocols until around a decade ago, and is still used by Microsoft to secure Active Directory, a Windows component used by system administrators to configure user accounts.
While Windows will use AES encryption by default, the senator’s office discovered that Windows servers will still respond to RC4-based authentication requests, which potentially opens them up to “Kerberoasting.” This is a technique in which administrative privileges are gained via exploiting encryption on one affected machine in order to install ransomware on others.
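For defenders who want to see whether RC4 is still being handed out in their own domain, the following is an added example, not code from the article, the senator's letter or Microsoft. It filters Kerberos service ticket events (Windows Security event 4769) for RC4 encryption types and groups them by requester. The sample records, account names and the threshold are constructed for illustration.

```python
from collections import defaultdict

# Kerberos encryption type numbers as logged in event 4769 (TicketEncryptionType).
RC4_ETYPES = {0x17, 0x18}  # RC4-HMAC, RC4-HMAC-EXP
ETYPE_NAMES = {0x11: "AES128", 0x12: "AES256", 0x17: "RC4-HMAC", 0x18: "RC4-HMAC-EXP"}

# Constructed sample records, shaped like the EventData fields of event 4769.
SAMPLE_EVENTS = [
    {"TargetUserName": "alice@CORP.EXAMPLE", "ServiceName": "svc-sql", "TicketEncryptionType": "0x12"},
    {"TargetUserName": "contractor1@CORP.EXAMPLE", "ServiceName": "svc-sql", "TicketEncryptionType": "0x17"},
    {"TargetUserName": "contractor1@CORP.EXAMPLE", "ServiceName": "svc-backup", "TicketEncryptionType": "0x17"},
    {"TargetUserName": "contractor1@CORP.EXAMPLE", "ServiceName": "svc-web", "TicketEncryptionType": "0x17"},
    {"TargetUserName": "contractor1@CORP.EXAMPLE", "ServiceName": "FILESRV01$", "TicketEncryptionType": "0x17"},
    {"TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "svc-legacy", "TicketEncryptionType": "0x17"},
]


def rc4_service_tickets(events):
    """Return (requester, service, etype name) for each RC4-encrypted service ticket."""
    hits = []
    for ev in events:
        etype = int(ev["TicketEncryptionType"], 16)
        service = ev["ServiceName"]
        # Computer accounts ("$" suffix) and krbtgt use long machine-generated
        # passwords, so this audit concentrates on ordinary service accounts.
        if etype in RC4_ETYPES and not service.endswith("$") and service.lower() != "krbtgt":
            hits.append((ev["TargetUserName"], service, ETYPE_NAMES[etype]))
    return hits


def noisy_requesters(events, threshold=3):
    """Requesters that obtained RC4 tickets for at least `threshold` distinct services.

    The threshold is a hypothetical starting point; tune it to the environment.
    """
    services = defaultdict(set)
    for who, service, _ in rc4_service_tickets(events):
        services[who].add(service)
    return {who: sorted(s) for who, s in services.items() if len(s) >= threshold}


if __name__ == "__main__":
    for hit in rc4_service_tickets(SAMPLE_EVENTS):
        print("RC4 ticket:", *hit)
    print("Review:", noisy_requesters(SAMPLE_EVENTS))
```

Every service that appears in the first list is a candidate for moving to AES-only encryption types; a single requester collecting RC4 tickets for many services is the pattern worth investigating first.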
In the case of Ascension, the senator claims that a contractor clicking on a malicious link led to hackers “moving laterally” within its server network, exploiting the weak encryption in order to push ransomware to thousands of other computers in the organisation and ultimately stealing the sensitive data of 5.6 million patients.
While the senator says that his office contacted Microsoft about the vulnerability, and that the company eventually published a blog post with actions that organisations could take to protect against it, a promised security update to fix the issue is yet to arrive.
“The Ascension hack illustrates how it is Microsoft’s customers, and, ultimately, the public, who bear the cost of Microsoft’s dangerous software engineering practices and the company’s refusal to inform its customers about the pressing need to adopt important cybersecurity safeguards,” the senator continues.
“There is one company benefiting from this status quo: Microsoft itself. Instead of delivering secure software to its customers, Microsoft has built a multibillion dollar secondary business selling cybersecurity add-on services to those organizations that can afford it. At this point, Microsoft has become like an arsonist selling firefighting services to their victims.”
The senator ends his letter by urging the FTC to investigate Microsoft, and hold the company responsible for what the senator claims is the “serious harm it has caused by delivering dangerous, insecure software to the U.S. government and to critical infrastructure entities, such as those in the U.S. health care sector.”
Microsoft has since released a statement to multiple outlets, including Ars Technica, directly addressing the senator’s claims:
“RC4 is an old standard, and we discourage its use both in how we engineer our software and in our documentation to customers – which is why it makes up less than .1% of our traffic. However, disabling its use completely would break many customer systems,” the company said.
“For this reason, we’re on a path to gradually reduce the extent to which customers can use it, while providing strong warnings against it and advice for using it in the safest ways possible. We have it on our roadmap to ultimately disable its use. We’ve engaged with The Senator’s office on this issue and will continue to listen and answer questions from them or others in government.”
Microsoft also says that in the first quarter of 2026, “Any new installations of Active Directory Domains using Windows Server 2025 will have RC4 disabled by default, meaning any new domain will inherently be protected against attacks relying on RC4 weaknesses. We plan to include additional mitigations for existing in-market deployments with considerations for compatibility and continuity of critical customer services.”