Editor’s note: This story has been updated with the correct number of government agencies and private companies attacked.
In recent years, Microsoft has been in the forefront of the fight against governmental and foreign hacking, helping thwart countless attacks from Russian-linked attackers. It has publicly berated the US National Security Agency (NSA) for stockpiling software and hardware vulnerabilities so they can be exploited instead of working with companies to fix them. And it has called for an international agreement to ban cyberattacks modeled after the Geneva Convention, which bans many weapons.
But now Microsoft is being called to task by critics, including a prominent US Senator, for actions they say might have helped exacerbate the Russian-backed SolarWinds cyberattack against the US government and industry.
The question: Did Microsoft unintentionally abet the cyberstrike? To get at that answer, we need to first take a close look at the SolarWinds attack.