Microsoft lost log data from security products in the cloud …

An unpleasant story has come to my attention: there is a report of a bug in Microsoft's cloud services that meant log data from security products in the Microsoft cloud was not stored reliably for a period in September 2024. Some of that log data appears to be lost for good. The gap could have left threats undetected for Microsoft's cloud customers, which in turn raises questions about the reliability of Microsoft as a company and of its cloud services.



Bug prevents logging

I became aware of the issue on X via the tweet below. Benzinga has written up the details in this article; the original report at Business Insider is behind a paywall, so I cannot access it.

[Tweet: Microsoft loses logs]

Logging is crucial

Logs that record events within a system, such as sign-ins to an account, are central to identifying unauthorized network and account access. In the event of a security incident, gaps in the logs mean that access can no longer be traced, which makes forensic analysis difficult or impossible. Missing logs can also allow intruders to go unnoticed in the first place.

Logging failed

The report from Business Insider states that there was a technical glitch at Microsoft that prevented the consistent collection of log data for a number of its key cloud services. A bug in one of Microsoft's internal monitoring agents caused log data to be uploaded to the company's logging platform incorrectly between September 2 and 19, 2024.

This reportedly resulted in the loss of log data from several key Microsoft security products. This impacted customers' ability to detect threats and generate security alerts.

The affected products include Microsoft Entra, Microsoft Sentinel, Microsoft Defender for Cloud and Microsoft Purview. Microsoft Sentinel customers in particular may have experienced gaps in security-related logs or events.



Addendum: Microsoft has documented the bug in the Microsoft 365 Message Center – and Joao Ferreira has mirrored the notification here on October 3, 2024. Further details can be found there.

The problem had no impact on the operation of customer-facing services or resources, i.e. the services themselves were not down; only the logging was affected. Customers are nevertheless deprived of the ability to analyze access during the specified period, to detect threats or to generate security alerts for it. There are reportedly no indications of cyberattacks attributable to this incident.
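For Sentinel customers the practical question is which tables actually went quiet, and from which timestamp forensic reconstruction would have to resume. The following is an added example, not code from the original post or from Microsoft: it takes per-source event timestamps and reports every source whose silence exceeds a threshold and overlaps the 2 to 19 September 2024 window. The events are constructed sample data, not real telemetry; in a real workspace the timestamps would come from a TimeGenerated query against the tables concerned, and the labels "SigninLogs" and "AuditLogs" are used here only to name the two sample series.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Reporting window from the article: log ingestion was unreliable
# between 2 and 19 September 2024 (upper bound is exclusive).
INCIDENT_START = datetime(2024, 9, 2)
INCIDENT_END = datetime(2024, 9, 20)


def find_gaps(timestamps, max_silence):
    """Return (last_seen, next_seen) pairs where two consecutive events
    in the series are further apart than max_silence."""
    ordered = sorted(timestamps)
    return [
        (prev, cur)
        for prev, cur in zip(ordered, ordered[1:])
        if cur - prev > max_silence
    ]


def gaps_by_source(events, max_silence):
    """events: iterable of (source_name, datetime). Groups the events by
    source and lists each source's silences longer than max_silence."""
    per_source = defaultdict(list)
    for source, ts in events:
        per_source[source].append(ts)
    return {src: find_gaps(ts, max_silence) for src, ts in per_source.items()}


def overlaps_incident(gap):
    """True if the silence (last_seen, next_seen) intersects the window."""
    last_seen, next_seen = gap
    return last_seen < INCIDENT_END and next_seen > INCIDENT_START


def sources_silent_during_incident(events, max_silence=timedelta(hours=24)):
    """Only the sources (and only the gaps) that touch the incident window."""
    result = {}
    for src, gaps in gaps_by_source(events, max_silence).items():
        hits = [g for g in gaps if overlaps_incident(g)]
        if hits:
            result[src] = hits
    return result


def build_sample_events():
    """Constructed sample data, not real telemetry: two sources emitting one
    event every 6 hours from 25 Aug to 30 Sep 2024. 'SigninLogs' loses every
    event inside the incident window; 'AuditLogs' stays complete."""
    events = []
    ts = datetime(2024, 8, 25)
    end = datetime(2024, 9, 30)
    while ts <= end:
        events.append(("AuditLogs", ts))
        if not (INCIDENT_START <= ts < INCIDENT_END):
            events.append(("SigninLogs", ts))
        ts += timedelta(hours=6)
    return events


if __name__ == "__main__":
    for src, gaps in sources_silent_during_incident(build_sample_events()).items():
        for last_seen, next_seen in gaps:
            print(f"{src}: no events between {last_seen} and {next_seen} "
                  f"({next_seen - last_seen} of silence)")
```

Comparing consecutive timestamps, rather than counting events per day, catches a gap wherever it starts and also yields the last event seen before the silence, which is the point from which any timeline for the affected period has to be rebuilt from other evidence.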

How reliable is Microsoft?

Consistent and accurate log collection is fundamental to any security program. A gap of this kind does not affect one customer but a large number of customers worldwide at the same time.

Beyond the Message Center notice mentioned in the addendum above, Microsoft has not commented on this incident. The loss of log data does, however, fit the pattern of "many things not working (anymore) in Redmond". After earlier security incidents in which its cloud services were compromised and the attackers went undetected on Microsoft's network for months, Microsoft launched a security initiative (the Secure Future Initiative) and has never tired of emphasizing that security is now its top priority.

The incident has once again raised questions about the effectiveness of Microsoft's internal quality assurance and monitoring systems, which are supposed to detect such errors.

Microsoft's response to this incident and the measures taken to prevent future incidents will no doubt be closely watched by customers and stakeholders alike.



This entry was posted in Cloud, issue, Security.
