Microsoft needs to look closely at security practices