Microsoft has confirmed that a recent outage which impacted services was the result of a cyber attack.
The tech giant told customers yesterday it was investigating reports that users were having problems accessing services, with many reporting being unable to access email services and other key features.
Impacted services included Microsoft 365, which includes the tech giant’s Office and Outlook platforms, as well as cloud services such as Entra and Intune.
At the time, Microsoft said it had issued a fix for the problem, adding that services showed signs of improvement.
“We've implemented a networking configuration change, and some Microsoft 365 services have performed failovers to alternate networking paths to provide relief,” the tech giant said on its service status site.
“Monitoring telemetry shows improvement in service availability, and we're continuing to monitor to ensure full recovery.”
In a subsequent update, however, Microsoft revealed the outage was caused by a Distributed Denial of Service (DDoS) attack, the impact of which was exacerbated due to an “error in the implementation of our defences”.
"While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack... initial investigations suggest that an error in the implementation of our defences amplified the impact of the attack rather than mitigating it,” Microsoft said.
This latest incident comes less than two weeks after a major global IT outage disrupted millions of devices globally.
A flawed update by cybersecurity firm CrowdStrike was identified as the source of the issue, which severely disrupted operations for thousands of businesses and service providers globally.
The incident saw millions of Windows devices affected, with users reporting being met with the ‘blue screen of death’. Remediation efforts have been non-stop since the incident, which in many cases required manual resets for devices.
RELATED WHITEPAPER
Donny Chong, director at Nexusguard, told ITPro that the latest outage highlights the significant impact DDoS attacks can have on critical services and stands as a warning for enterprises globally.
“The Microsoft outage demonstrates the ease at which DDoS actors can wreak havoc against critical business services,” he said.
“Anyone can carry out an attack of this magnitude from their own bedroom if they have the right equipment. While no company can guarantee the always-on availability of its cloud services, customers of these services have high expectations today, and that’s exactly what attackers are counting on.”
Stephen Robinson, senior threat intelligence analyst at WithSecure, echoed Chong’s comments, adding that while the outage was smaller in scale compared to the recent global disruption, it still showcases the fragility of critical services.
“Modern online services are built on stacked layers of dependencies, and in a significant proportion of service stacks you will find Microsoft services,” he said.
“One of the affected Microsoft services, Entra, is used to allow people to log on to services and websites, and without it, users are not able to log in,” Robinson added. “As such, while this outage only lasted for a short time and affected a subset of services, the impact was still noticeable to many people."
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
Microsoft 365 price hikes have landed the tech giant in hot waterNews Australian regulators have filed a lawsuit against Microsoft for allegedly misleading users over Microsoft 365 pricing changes.
-
Microsoft issues fix for Windows 11 update that bricked mouse and keyboard controls in recovery environment – here's what you need to knowNews Yet another Windows 11 update has caused chaos for users
-
Windows 10 end of life could create a major e-waste problemNews The study marks the latest Windows 10 end of life e-waste warning
-
Microsoft Office 2016 and 2019 are heading for the scrapheap next month – but there could be a lifeline for those unable to upgradeNews The tech giant has urged Office 2016 and Office 2019 users to upgrade before the deadline passes
-
UK government programmers trialed AI coding assistants from Microsoft, GitHub, and Google – here's what they foundNews Developers participating in a trial of AI coding tools from Google, Microsoft, and GitHub reported big time savings, with 58% saying they now couldn't work without them.
-
Salesforce says ‘Microsoft’s anticompetitive tying of Teams' harmed business in triumphant response to EU concessions agreementNews Microsoft has agreed to make versions of its Office solutions suite available without Teams – and at a reduced price
-
US Senator calls for Microsoft FTC probe over ‘gross cybersecurity negligence’ – Ron Wyden claims the tech giant has provided ‘dangerous, insecure software’ to the US governmentNews Ron Wyden, a Democratic senator from Oregon, has written to the chair of the FTC calling for an investigation into Microsoft's cyber practices.
-
Microsoft touts new Copilot features in Excel, but says you shouldn’t use them if you want accurate resultsNews Microsoft has warned against using new AI features in Excel for “tasks with legal, regulatory, or compliance implications” – so when can you use it?
