Microsoft has admitted it lost more than two weeks of security logs for some of its cloud products, raising potentially concerning security risks.
Microsoft reportedly users about the problem, saying the loss was not due to a security incident or an attack, but rather came as a result of a software flaw.
“A bug in one of Microsoft’s internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform,” Microsoft was cited saying. The malfunction took place between September 2 and September 19.
Entra, Sentinel, and others
Logs are important because they help IT teams keep track of possible intrusions and other cyberattacks, so not having this information for more than two weeks puts the users at risk.
As per the reports, the malfunction affected a couple of products: Microsoft Entra, Sentinel, Defender for Cloud, and Purview. Affected customers “may have experienced potential gaps in security related logs or events, possibly affecting customers’ ability to analyze data, detect threats, or generate security alerts,” the company said in the notification.
TechCrunch reached out to John Sheehan, a Microsoft corporate vice president, who did not share more details about the bug, but did say that Microsoft fixed it: “We have mitigated the issue by rolling back a service change. We have communicated to all impacted customers and will provide support as needed,” he told the publication.
Logs are records of events and actions generated by applications or systems. They are used for debugging issues, monitoring performance, and auditing security. By capturing information about the system’s operation, logs help developers troubleshoot problems, track system health, and identify potential security threats. That makes them a crucial tool in spotting and tackling cyberattacks.
Via TechCrunch
The difference between no-logs and zero-logs VPNs – and why it mattersHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now