Heimdal

Microsoft is alerting business clients to a flaw that resulted in critical logs being partially lost for nearly a month.

This puts businesses that depend on this data to identify unwanted activity at risk.

Microsoft is alerting enterprise customers that a flaw resulted in important logs being largely lost for nearly a month, endangering businesses that depend on this information to identify unwanted behavior.

Business Insider reported the issue earlier this month, when it announced that Microsoft had started emailing customers to tell them that their logging data had not been consistently collected between September 2nd and September 19th.

The missing logs contain security information that is frequently used to keep an eye out for unusual activity, traffic, and login attempts on a network, which raises the possibility that an attack will go undiscovered.

Microsoft’s Review: What Was Affected?

In a preliminary post-incident review, Microsoft says that the following services were impacted:

  • Microsoft Entra: Potentially incomplete sign-in logs and activity logs;
  • Azure Logic Apps: Potentially incomplete platform logs;
  • Azure Healthcare APIs: Potentially incomplete platform logs;
  • Microsoft Sentinel: Potentially incomplete security alerts;
  • Azure Monitor: Potentially incomplete diagnostic settings routed to Azure Monitor;
  • Azure Trusted Signing: Potentially incomplete SignTransaction and SignHistory logs;
  • Azure Virtual Desktop: Potentially incomplete logs in Application Insights;
  • Power Platform: Data discrepancies across reports.

According to the report and to João Ferreira, a Microsoft MVP, while addressing a bug in the collection service, Microsoft exposed an unrelated bug in the internal monitoring agent, which prevented a subset of agents from uploading log event data.

The company determined during the investigation that the incident is unrelated to any security compromise.

Microsoft said in a statement to TechCrunch that the bug has now been fixed and all customers have been notified.


Author Profile

Cristian Neagu

CONTENT EDITOR
