Bugzilla #1848279
Technical Compliance
Microsoft PKI Services: Trusted Role Control Failure
RESOLVED FIXED
Microsoft Corporation
AI Summary
A Microsoft PKI Services engineer discovered that a user account was provisioned for an employee not assigned to a Trusted Role, violating security requirements. This issue was identified during an internal audit on August 9, 2023, leading to the immediate deletion of the account. Although this was a significant process failure, Microsoft PKI Services maintained that the overall environment remained secure. The team has since implemented improvements to the management and verification processes for Trusted Role memberships to prevent recurrence.
Chronology
- Non-Trusted Role user requested account in High Security Zone
- Audit discovered Non-Trusted Role user account; incident opened
- User account deleted
- Centralized management of Trusted Role group list implemented
- Automation for user verification in Secure Zone completed
Participants
u654666@disabled.tld
johnmas@microsoft.com
bwilson@mozilla.com