{"id":641684,"date":"2024-10-17T22:06:12","date_gmt":"2024-10-17T19:06:12","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/microsoft-said-it-lost-weeks-of-security-logs-for-its-customers-cloud-products\/"},"modified":"2024-10-17T22:06:12","modified_gmt":"2024-10-17T19:06:12","slug":"microsoft-said-it-lost-weeks-of-security-logs-for-its-customers-cloud-products","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/microsoft-said-it-lost-weeks-of-security-logs-for-its-customers-cloud-products\/","title":{"rendered":"#Microsoft said it lost weeks of security logs for its customers&#8217; cloud products"},"content":{"rendered":"<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">Microsoft has notified customers that it\u2019s missing more than two weeks of security logs for some of its cloud products, leaving network defenders without critical data for detecting possible intrusions.<\/p>\n<p class=\"wp-block-paragraph\">According to a notification sent to affected customers, Microsoft said that \u201ca bug in one of Microsoft\u2019s internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform\u201d between September 2 and September 19.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">The notification said that the logging outage was not caused by a security incident, and \u201conly affected the collection of log events.\u201d\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Business Insider <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.businessinsider.com\/microsoft-tells-customers-it-lost-log-data-key-security-products-2024-10\">first reported<\/a> the loss of log data earlier in October. Details of the notification have not been widely reported. 
As noted by <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cyberplace.social\/@GossiTheDog\/113313392062371141\">security researcher Kevin Beaumont<\/a>, the notifications that Microsoft sent to affected companies are likely accessible only to a handful of users with tenant admin rights.<\/p>\n<p class=\"wp-block-paragraph\">Logging helps to keep track of events within a product, such as information about users signing in and failed attempts, which can help network defenders identify suspected intrusions. Missing logs could make it more difficult to identify unauthorized access to the customers\u2019 networks during that two-week window.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">The affected products include Microsoft Entra, Sentinel, Defender for Cloud, and Purview, according to the Business Insider report. Affected customers \u201cmay have experienced potential gaps in security related logs or events, possibly affecting customers\u2019 ability to analyze data, detect threats, or generate security alerts,\u201d the notification said.<\/p>\n<p class=\"wp-block-paragraph\">Microsoft would not answer specific questions about the logging outage, but a Microsoft executive confirmed to TechCrunch that the incident was caused by an \u201coperational bug within our internal monitoring agent.\u201d<\/p>\n<p class=\"wp-block-paragraph\">\u201cWe have mitigated the issue by rolling back a service change. We have communicated to all impacted customers and will provide support as needed,\u201d said John Sheehan, a Microsoft corporate vice president.<\/p>\n<p class=\"wp-block-paragraph\">The logging outage comes a year after Microsoft came under fire from federal investigators for withholding security logs from certain U.S. 
federal government departments that host their emails on the company\u2019s hardened, government-only cloud; investigators said that having access to those logs could have identified a series of China-backed intrusions far sooner.<\/p>\n<p class=\"wp-block-paragraph\">The China-backed intruders, referred to as Storm-0558, broke into Microsoft\u2019s network and stole a digital skeleton key that allowed the hackers unfettered access to U.S. government emails stored in Microsoft\u2019s cloud. 
According to a government-issued post-mortem of the cyberattack, the State Department identified the intrusions because it paid for a higher-tier Microsoft license that granted access to security logs for its cloud products, which many other hacked U.S. government agencies did not have.<\/p>\n<p class=\"wp-block-paragraph\">Following the China-backed hacks, Microsoft said <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.wsj.com\/articles\/microsoft-to-offer-some-cybersecurity-tools-free-after-suspected-china-hack-6db94221\">it would start providing logs<\/a> to its lower-paid cloud accounts from September 2023.<\/p>\n<p class=\"wp-block-paragraph\"><em>Carly Page contributed reporting.<\/em><\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/techcrunch.com\/2024\/10\/17\/microsoft-said-it-lost-weeks-of-security-logs-for-its-customers-cloud-products\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has notified customers that it\u2019s missing more than two weeks of security logs for some of its cloud products, leaving network defenders without critical data for detecting possible intrusions. 
According to a notification sent to affected customers, Microsoft said that \u201ca bug in one of Microsoft\u2019s internal monitoring agents resulted in a malfunction in&#8230;<\/p>\n","protected":false},"author":1,"featured_media":641685,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2020\/09\/microsoft-glitch2.jpg?resize=1200,674","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[75269,4973,70375,70286,72287],"class_list":["post-641684","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-us-government","tag-china","tag-cybersecurity","tag-microsoft","tag-security"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/641684","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=641684"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/641684\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/641685"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=641684"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=641684"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=641684"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}