Microsoft Dismissed Warning About Flaw Later Exploited During SolarWinds Attacks: Report



According to a ProPublica report, the tech giant was dismissive of an employee’s warnings about a vulnerability later exploited in the widely felt SolarWinds Orion attacks.


Microsoft was dismissive of a whistleblower’s warnings about a vulnerability later exploited as part of the widely felt SolarWinds Orion attacks, according to a ProPublica report.

The former employee, Andrew Harris, reportedly warned Microsoft multiple times while working at the company between 2016 and 2020 about a flaw later dubbed “Golden SAML” by cybersecurity vendor CyberArk.


The vulnerability, which enabled the exploitation of Microsoft’s Active Directory Federation Services, could allow a threat actor to more easily maintain access to a compromised environment while remaining undetected. Microsoft now recommends that Active Directory Federation Services customers migrate to its newer Microsoft Entra ID system.

CRN has reached out to Microsoft for comment.

Harris, who had previously worked for the Defense Department, was hired by Microsoft for his technical expertise in preventing products from being compromised by hackers, ProPublica reported in its investigative article published Thursday. He departed Microsoft in August 2020 to work for rival cybersecurity vendor CrowdStrike, several months before the SolarWinds breach was discovered.

The SolarWinds software supply chain attack saw threat actors, who have been associated with Russia’s SVR foreign intelligence unit, infect the Orion network monitoring software with malicious code.

After the implant was introduced to Orion, researchers say the tainted software was then downloaded by thousands of customers, including U.S. government agencies and major corporations, leading to numerous additional data breaches.

If Microsoft had acted sooner to respond to Harris’ warnings, it could presumably have helped to curtail some of the attacks carried out against customers of SolarWinds by exploiting the Golden SAML flaw, according to the ProPublica report. Victims attacked using the vulnerability included the National Nuclear Security Administration and the National Institutes of Health, the report said.

Microsoft “did not dispute ProPublica’s findings,” the report said.

The report was published as Microsoft President Brad Smith testified before the U.S. House Homeland Security Committee, where he reportedly said Microsoft “accepts responsibility” for security lapses recently identified related to a separate cyberattack. Smith was responding to the Cyber Safety Review Board’s April report on the 2023 Microsoft cloud email breach, which offered a scathing criticism of the company’s security culture and practices.


