In April of 2021, a consumer signing system crash resulted in a snapshot of the crashed process.
This snapshot did not include the signing key.
Later, it was discovered that this critical piece of information could have enabled wide access to other cloud services.
The Microsoft Security Response Center (MSRC) said in a post-mortem report that the compromised Microsoft signing key was not detected by its systems.
Cloud security firm Wiz later revealed in July that the compromised Microsoft signing key could have been used to gain widespread access to private cloud services over unprotected networks.
Crash dump: A crash dump of the signed transactions shows that the signer’s key is present in the dump.
It appears that a race condition allowed the key to be present even though no code was executed.