Microsoft is asking its certificate authority (CA) affiliates to send it their own copies of audit data after a MS system crash resulted in data loss.
Microsoft lost audit data for about 147 roots after a system crash. The incident had the knock-on effect of generating query emails to scores of affected (temporarily disavowed) CAs.
Redmond is taking its first steps towards getting on top of the situation by letting CAs know the score, in a message to the cabforum.org security forum on Wednesday, requesting help in putting matters right.
As many of you may have just noticed, our system just generated a bunch of emails informing many of you that you are subject to removal because Microsoft does not have evidence of a qualifying audit on file. This is likely an error on our side, but we need your help.
Our CRM system suffered a data loss, and it looks like it rolled back to an old backup. As a result, we lost audit data for about 147 roots. If you received a message, please don't panic. Instead, please just send Microsoft your most-recent audit data, and we will update our records. Sorry for the confusion.
As part of Microsoft’s Trusted Root program’s compliance requirements, Certificate Authorities must provide a courtesy copy of their audit data to the company annually. We’re reliably informed that Microsoft stores these internally in a standalone tool. An error occurred with the tool, so Microsoft contacted some CAs and requested they resubmit a copy of their latest audit data, sources confirm.
Microsoft is a player in backup and the cloud, through Microsoft Azure. Asking third parties for data on themselves in the wake of a back-up bungle is not the biggest disaster in the world, but it doesn’t look good either.
Redmond would certainly be well advised to review its disaster recovery plan in the wake of the snafu. ®