310 - Zero Accountability

An "FYI" for any organizations with a little too much Microsoft software running on their hardware: whether by malevolent intentions or incompetence, serious conflicts and vulnerabilities are quickly emerging. While you may not be the "canary in the coal mine", you too are at risk, and migrating to ships that aren't sinking takes time.

Recently my entire company had a series of email accounts running through Microsoft 365 deleted one morning, without notice, warning, or any explanation, even now close to 2 weeks later. That whole thing is its own absurd horror story, along with the world's worst "customer service" by a wide margin, but what has happened since then is also distinctly worth examining.

In particular, Microsoft OneDrive has silently begun blocking unrelated Windows Explorer processes from executing properly, a thing which becomes immediately evident when you open the task manager and manually end all OneDrive processes, allowing what they were blocking to immediately execute. It also blocks the personal vault from opening, so anything stored therein may as well be gone if you didn't already wisely move it elsewhere. This never occurred previously.

The moment the recent cyberattack hit our Microsoft-based accounts (where nothing critical or confidential was stored, as we never trusted Microsoft) I began systematically removing any materials that an attacker might be after from my personal OneDrive as well. The cyberattackers were both stupid enough to go after the Microsoft accounts, and too stupid to attack personal accounts simultaneously, but as expected the anomalous behavior from the personal OneDrive app began within the days after the attack on the company account.

It is undoubtedly true that Microsoft is incompetent to a degree that is criminally liable, but they also appear to have bad actors worming through both corporate and private accounts related to the Microsoft 365 and OneDrive ecosystem, even as they're bombarded with a correspondingly high level of both real and fake support tickets. A sufficiently layered cybersecurity defense still blocks remote access by the attackers who've compromised Microsoft's admin (and/or internal support) level account access, but that is only one bad Windows Update away from changing at any given time.

As famously masochistic as it may be to try installing Nvidia drivers on Linux, it may come to that. The last semblances of "security" at Microsoft can't hold out under the siege of the systems which they both directly and indirectly funded via bad actors like OpenAI. Cybercrime is the 3rd largest market in the world, and it is climbing that ladder.