Server errors lose data about 147 root cert CA audits

Mar 4, 2016 16:15 GMT

Microsoft, the company that's offering cloud backup services through Azure, has just announced it lost some crucial data relating to digital certificates and is now asking some of its partners to lend a hand and resend their latest audits.

Microsoft, just like Google, Apple, and Mozilla, is part of the CA/B Forum, an organization of Web browser vendors and certification authorities (CAs).

As a browser vendor, through its Edge and Internet Explorer products, Microsoft maintains a list of authorized CAs and their respective root certificates.

According to a message on the CA/B Forum by Jody Cloutier, senior security program manager for Microsoft's Trusted Root Certificate Program, an error occurred on the server running the CRM application that manages this list of trusted certificates, along with the associated details for each certificate and CA.

The error made it impossible to recover the current data, and the CRM defaulted to a much older backup that didn't include the most recent CA audit data.

Microsoft: Ooops, our bad!

Microsoft says that it lost audit data for 147 root certificates, which resulted in many SSL/TLS certificates showing errors inside the company's products.

"As many of you may have just noticed, our system just generated a bunch of emails informing many of you that you are subject to removal because Microsoft does not have evidence of a qualifying audit on file," the company's statement reads.

"This is likely an error on our side, but we need your help," the Microsoft spokesperson continued. "If you received a message, please don't panic. Instead, please just send Microsoft your most-recent audit data, and we will update our records. Sorry for the confusion."

The message was sent out on March 2, 2016, and CAs had already started to answer a day later, resending their certification audits.