How Microsoft Forgot To Renew The Certificate For Its Windows Insider Subdomain

Microsoft forgot to renew the certificate for its Windows Insider subdomain over the weekend, causing an outage and disruption for those trying to use the platform. Users who attempted to visit the Windows Insider portal were met with a warning about how their connection wasn’t private.

Despite the site only being down for a few hours, this typifies why large enterprises need to prioritise machine identity management, as without it we’ll continue to see outages impact users.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Pratik Selva
Pratik Selva , Sr. Security Engineer
InfoSec Expert
June 13, 2022 12:32 pm

Microsoft’s Windows Insider Program is a public platform created to provide access to early Windows releases. It has a huge global community of millions of members. Although this incident did not lead to a severe a disruption, the site was still unavailable to millions of users for a number of hours which was, at a minimum, inconvenient. Microsoft isn’t the only vendor to experience this type of incident. Just recently Verifone and Spotify also suffered certificate outages that affected millions of users. Unless large enterprises with massive digital footprints prioritize machine identity management as a tier one application we will see more of these kinds of incidents. The problem is that the keys and certificates that serve as machine identities are critical to reliability as well as security and as companies move to the cloud management of them is more complicated.

Last edited 5 months ago by Pratik Selva
1
0
Would love your thoughts, please comment.x
()
x