Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Microsoft Security IT

Microsoft Says It Lost Weeks of Security Logs For Its Customers' Cloud Products (techcrunch.com) 35

Microsoft has notified customers that it's missing more than two weeks of security logs for some of its cloud products, leaving network defenders without critical data for detecting possible intrusions. From a report: According to a notification sent to affected customers, Microsoft said that "a bug in one of Microsoft's internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform" between September 2 and September 19.

The notification said that the logging outage was not caused by a security incident, and "only affected the collection of log events." Business Insider first reported the loss of log data earlier in October. Details of the notification have not been widely reported. As noted by security researcher Kevin Beaumont, the notifications that Microsoft sent to affected companies are likely accessible only to a handful of users with tenant admin rights. Logging helps to keep track of events within a product, such as information about users signing in and failed attempts, which can help network defenders identify suspected intrusions. Missing logs could make it more difficult to identify unauthorized access to the customers' networks during that two-week window.

This discussion has been archived. No new comments can be posted.

Microsoft Says It Lost Weeks of Security Logs For Its Customers' Cloud Products

Comments Filter:
  • Shrug (Score:5, Funny)

    by iAmWaySmarterThanYou ( 10095012 ) on Friday October 18, 2024 @08:35PM (#64876145)

    You're hosted in Microsoft's cloud. You don't need logs to know you were hacked. Just assume you were hacked again and move on to the clean up and post mortem steps.

    • Suggestions
      - Reduce attack surface area - limit cloud usage to as few cloud technologies as possible
      - Weigh a balance between everything is a microservice and monolithic APIs. A point in between may be easier to manage, easier to deploy and less likely to fault/fail or be attacked
      - Reduce or limit the number of libraries used in a solution to the minimum within reason
      - Reduce the number of different technologies in the solution's technology stack when possible
      - Get business justification why the mix of cl

    • by gweihir ( 88907 )

      While that is probably meant to be funny, MS actually has cloud security that is much worse than the competition:
      https://www.cisa.gov/sites/def... [cisa.gov]

    • But muh Windoze docker containers! Where will I run them if not on Azure?!

      Seriously, though. If you were dumb enough to choose Microsoft as your cloud provider, you kinda deserve what is coming to you. Microsoft cannot even produce a secure desktop OS. Why would anyone think that their cloud platform would be any different?

      • There are cloud services from Amazon (AWS), Microsoft (Azure), Google, and others.

        Has anyone quantified the level of security from these products?

        A list of breaches, vendor faults helps but what's needed is actual quantification numbers.

        The larger main issue is that development implementation projects for the cloud usually omit a dedicated expert in cloud security, software security and data security. Those full time job tasks fall onto the understaffed and overworked development team and fall outside of t

  • Microsoft practically invented cloud redundancy. They mulefaced the thing....

  • by OneOfMany07 ( 4921667 ) on Friday October 18, 2024 @08:41PM (#64876157)

    I can see you have a lot of automation to help out in the boring stuff like monitoring and validating incoming data. And some very motivated employees!

    Guess I should be happy they were honest about it at all, and not just hiding it until someone else notices and publicly shames them.

  • by spaceman375 ( 780812 ) on Friday October 18, 2024 @08:56PM (#64876193)
    Mine was only eight hours of data for some +50 websites, but I feel for them. If it didn't get saved you can't recover it. But two weeks worth? If it went on that long, I wouldn't trust that IT team to know if it was what they blame or a clever hacker covering his tracks with a false flag.
    • by gweihir ( 88907 )

      From a reference, this happened apparently over a period of 4 (!) weeks: https://cyberplace.social/@Gos... [cyberplace.social]
      Guess MS did not see fixing things as a priority or did not have sensors in place at all and did not even notice. Some customer probably complained about the incomplete logs.

      This may not have causes by an attack, but it is a major security incident all by itself. On the level that makes people with a clue move away from the platform. Well, these are probably not on any MS cloud anyways.

      • worst, they actually had a health incident open for late logs in entra ID during this period, so they knew something was up.

        • by gweihir ( 88907 )

          You mean they actively looked away? Well, it is Microsoft. They fuck their customers any way they can these days.

  • by kellin ( 28417 ) on Friday October 18, 2024 @09:08PM (#64876219)

    Microsoft taking that security through obscurity literally..

  • by Malay2bowman ( 10422660 ) on Friday October 18, 2024 @10:06PM (#64876285)
    ...because we say we are.
    • by 1s44c ( 552956 )

      Trusted doesn't mean trustworthy.

    • by gweihir ( 88907 )

      They are correct. Too many people trust them, so they are trusted. The definition of "trusted" is "can attack you".

      What Microsoft is not, never was and never will be is "trustworthy".

  • by kmoser ( 1469707 ) on Friday October 18, 2024 @10:27PM (#64876309)

    The notification said that the logging outage was not caused by a security incident [...]

    Without logs, how would you know for sure that it wasn't a security incident?

    • They probably found a root cause that they're not releasing in the news. Some basic thing like a firewall rule change, routing change or expired certificate that they have change management records for.
      • by gweihir ( 88907 )

        And they needed two weeks to notice? Well, that nicely shows how "serious" Microsoft is taking security, after all.

    • by gweihir ( 88907 )

      That is just the usual lying that serves to obscure how massive this screw-up is, especially after they had Exchange Online fully compromised in 2023 and did not even notice.

      And you know what? On most people these lies-by-misdirection work.

      The fact of the matter is that this loss of these logs _is_ a massive security incident. It is just all their own fault, no attacker to blame.

  • Microsoft tries No Poop September, only makes it half way.

  • For choosing Microsoft.

  • ... regarding how to run their business professionally, and they are making beginner's mistakes all over the place. This is really no surprise to anybody with a working mind. MS has screwed up time and again and often in the most incompetent way possible. For a recent example, see here:
    https://www.cisa.gov/sites/def... [cisa.gov]

    Unfortunately, working minds are in short supply, so their crap still sells well.

  • With the logs missing there's no saying what happened, obviously.

    What should be equally obvious is that there's no reason to believe Microsoft lost them, which implies events outside their control.

    • by gweihir ( 88907 )

      Obviously. The malice is that MS is, and never was, taking money for really crappy services and products. It is amply clear that MS "lost" these logs because they did not care to make them reliable and secure enough. But here is the thing" Tons of organizations and individuals buy MS crap and their profits are stellar. Why should they even try to make good products or offer good services in that situation? Anybody depending on Microsoft these days is deep into self-harm, no exceptions.

  • is hanging out in Microsoft's cloud infrastructure.

You can be replaced by this computer.

Working...