
Microsoft
Global software and cloud giant; Azure, M365, Intune; DMA probe and US cloud sovereignty risk.
Last refreshed: 24 June 2026 · Appears in 5 active topics
Microsoft admitted to the French Senate it cannot guarantee French data stays in France: what does that mean for its European cloud business?
Timeline for Microsoft
Mentioned in: A quiet KEV fortnight, then a 2008 bug
Cybersecurity: Threats and DefencesMentioned in: New York freezes new permits by decree
Data Centres: Boom and BacklashShipped an out-of-band Defender engine update patching RoguePlanet
Cybersecurity: Threats and Defences: Microsoft ends the Nightmare Eclipse runCut 4,800 jobs on 6 July 2026
AI: Jobs, Power & Money: Microsoft cuts 4,800, denies AI did itBlueHammer turns into a ransomware step
Cybersecurity: Threats and DefencesWhy did Kenya suspend the Microsoft data-centre project at Olkaria?
What is Microsoft's out-of-band patch KB5091157 for?
Is Microsoft Azure safe from GRU hacking?
Background
Microsoft is among the world's most valuable companies by market capitalisation, founded by Bill Gates and Paul Allen in 1975. Its Azure cloud platform competes directly with Amazon Web Services and Google Cloud for enterprise AI workloads. GitHub Copilot, its AI coding assistant, is the most widely adopted developer AI tool; Microsoft 365 Copilot embeds generative AI across its Office suite. The company's AI bet is the largest capital allocation in its history.
The European Commission opened DMA cloud gatekeeper probes against both Azure and AWS in late 2025, with the US administration countering via a Section 301 investigation branding the DMA rules as 'economic warfare.' Microsoft previously acknowledged before the French Senate that it could not guarantee French customer data held on Azure would never be disclosed under US legal orders, the same CLOUD Act exposure that led France's SecNumCloud to require explicit immunity from non-EU access as a sovereign qualification condition. Its CLOUD Act exposure makes it ineligible for the highest tiers of EU sovereign cloud procurement, a structural constraint that will persist regardless of quarterly revenue performance.
Microsoft posted a record quarter driven by AI cloud revenue in early 2026, with Azure growth accelerating as enterprises migrate workloads to its AI infrastructure.
Microsoft's enterprise ubiquity makes it a persistent attack surface across multiple adversary tracks. APT28 (GRU Unit 26165) exploited home routers to Conduct credential theft targeting Microsoft 365 OAuth tokens, per an NCSC advisory backed by FBI. A 17-year-old Office Remote Code Execution vulnerability returned to CISA's Known Exploited Vulnerabilities catalogue in early 2026. Handala, an Iran-linked hacktivist group, wiped between 80,000 and 200,000 Stryker devices globally by exploiting a single stolen Microsoft Intune administrator credential in March 2026.
In April 2026, Microsoft issued out-of-band emergency patch KB5091157 for Windows Server 2016-2025, fixing LSASS reboot loops on Privileged Access Management-enabled domain controllers, a fault in a security-hardening configuration. The Intune credential-abuse precedent and the KB5091157 PAM-environment fault together underscore the attack surface that comes with Microsoft's position as the de facto identity and device management backbone for global enterprise.
A separate, contested disclosure dynamic emerged in June 2026. A security researcher using the handle 'Nightmare Eclipse' published CVE-2026-50656, a TOCTOU race condition in Windows Defender rated CVSS 7.8, without coordinating with Microsoft; this is the fifth in a series of uncoordinated Windows disclosures since March 2026 that the researcher circulates as the 'Chaotic Eclipse' series. Microsoft confirmed a fix is in development with no timeline given, and restated its opposition to uncoordinated disclosure. The patch status, CVSS scores, and total count for the broader series remain single-sourced from the researcher; no independent verification has been published.
Microsoft's direct data-centre footprint extends into emerging-market geothermal territory. In early May 2026, Kenya's government suspended the $1 billion Microsoft-G42 geothermal campus at Olkaria in the Rift Valley after projections showed the full 1 GW target would draw roughly a third of Kenya's entire installed national capacity of approximately 3 GW. President Ruto stated that building the full project as scoped would mean switching off half the country. The suspension illustrates the grid-capacity ceiling that constrains even well-resourced data-centre ambitions in markets with abundant natural resources but constrained transmission. Microsoft's Olkaria partnership with G42 was framed as a flagship sovereign-AI anchor for East Africa; the suspension leaves it in an uncertain state alongside the broader G42 strategic relationship that a 2024 US government-backed technology-sharing arrangement was designed to reinforce.