The company refused to fix flaw years before the SolarWinds hack.
The Big Story
Thu. Jun 13, 2024

In today’s newsletter, a former Microsoft employee says the software giant dismissed his concerns about a critical software flaw because it feared losing government business, updated financial disclosures from Supreme Court justices and more from our newsroom.


Reporter Renee Dudley answers our questions about today’s investigation.

Microsoft President Brad Smith told Congress in 2021 that “there was no vulnerability in any Microsoft product or service that was exploited” in the SolarWinds hack. You spoke to a former employee named Andrew Harris. What does he say happened?

Harris said that he discovered a security weakness in a Microsoft product that many customers, including the U.S. government, used to log onto their devices. The flaw could allow attackers to masquerade as legitimate employees and rummage through victims’ “crown jewels” — national security secrets, corporate intellectual property, embarrassing personal emails — all without tripping alarms.

Beginning in 2017, Harris said that he pleaded with the company to address the issue. But at every turn, Microsoft dismissed his warnings, telling him that addressing the flaw would undermine its business goals. Frustrated, he left the company in August 2020. Four months later, the sprawling SolarWinds hack was discovered. In the attack, Russian spies exploited the very flaw Harris had warned about when they breached government agencies including the National Institutes of Health and the National Nuclear Security Administration.

What is Harris like? What has he told you about why he came forward?

Harris is someone who was drawn to computers at an early age. While still in college, he began working for the Department of Defense, where he stayed for almost seven years. Because of that background, he said he felt a commitment to helping protect national security. So after discovering the flaw in the Microsoft product, he became obsessed with the potential impact on federal government customers who relied on it. He was frustrated when the company refused to act on his warnings, saying, “They’re telling me it’s not ‘customer first,’ it’s actually ‘business first.’”

Microsoft declined to make Smith and other top officials available for interviews for this story, but it did not dispute ProPublica’s findings. Instead, the company issued a statement in response to my questions, saying, in part, that its assessment of the issue Harris raised “received multiple reviews and was aligned with the industry consensus.”

More From Our Newsroom
The bill expands the use of existing federal money to fight stillbirths. Lawmakers cited ProPublica’s reporting on the issue as key to adding urgency and building support for the measure.
The update includes data from eight financial disclosures made public last Friday that cover 2023, as well as information from some older filings.
An email from a reader helped a team of ProPublica reporters uncover secret tuition payments Harlan Crow made for a family member of Clarence Thomas. Now we’re looking for tips on the election, and you can help.
A 5-year-old program to help young people aging out of foster care offers millions of dollars in rent support. Some states have tapped hundreds of vouchers. Georgia has received just eight.
The trips include vacations in Indonesia and at the exclusive, men’s-only Bohemian Grove retreat, which were first reported by ProPublica last year.
Gov. Gretchen Whitmer had pledged to crack down on bottled water companies taking water at the same time Flint, Michigan, faced a water crisis. Six years later and in her second term, little has changed.
Illinois has virtually no regulations on homeschooling, allowing parents to pull vulnerable children from public schools and then not provide any education for them. Officials call them “no schoolers.”
The picture that emerged in the New York courtroom was of a person on top of details, aware of what his team is doing. Along with outside events, it suggests Trump will be even less constricted by rules and norms than he was before.
Two civil rights groups are asking the U.S. Department of Education to force Rockford Public Schools, the third-largest district in Illinois, to stop discriminatory discipline involving police.
The heavily Republican state booted 15 incumbents across the party’s ideological spectrum. While the election led to net gains for hard-line members of the right, it also underscores how divided Idaho’s party remains.
Witnesses in the various criminal cases against the former president have gotten pay raises, new jobs and more. If any benefits were intended to influence testimony, that could be a crime.