Does Microsoft share blame for the SolarWinds hack?

In recent years, Microsoft has been at the forefront of the fight against governmental and foreign hacking, helping thwart countless attacks from Russian-linked attackers. It has publicly berated the US National Security Agency (NSA) for stockpiling software and hardware vulnerabilities so they can be exploited instead of working with companies to fix them. And it has called for an international agreement to ban cyberattacks, modeled after the Geneva Convention, which bans many weapons.

But now Microsoft is being taken to task by critics, including a prominent US Senator, for actions they say might have helped exacerbate the Russian-backed SolarWinds cyberattack against the US government and industry.

The question: Did Microsoft unintentionally abet the cyberstrike? To get at that answer, we need to first take a close look at the SolarWinds attack.

Inside SolarWinds

The hack is now widely recognized as the most sophisticated, successful and dangerous cyberattack yet on the federal government and industry. At least 500 government agencies and private companies were successfully hacked, including the Pentagon, nuclear labs, US intelligence agencies and many Fortune 500 companies.