Microsoft says latest outage was caused by cyber attack

Microsoft outage image showing blue screen of death on multiple devices in an open plan office space.
(Image credit: Getty Images)

Microsoft has confirmed that a recent outage which impacted services was the result of a cyber attack.

The tech giant told customers yesterday it was investigating reports that users were having problems accessing services, with many reporting being unable to access email services and other key features.

Impacted services included Microsoft 365, which includes the tech giant’s Office and Outlook platforms, as well as cloud services such as Entra and Intune.

At the time, Microsoft said it had issued a fix for the problem, adding that services showed signs of improvement.

“We've implemented a networking configuration change, and some Microsoft 365 services have performed failovers to alternate networking paths to provide relief,” the tech giant said on its service status site.

“Monitoring telemetry shows improvement in service availability, and we're continuing to monitor to ensure full recovery.”

In a subsequent update, however, Microsoft revealed the outage was caused by a Distributed Denial of Service (DDoS) attack, the impact of which was exacerbated due to an “error in the implementation of our defences”.

"While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack... initial investigations suggest that an error in the implementation of our defences amplified the impact of the attack rather than mitigating it,” Microsoft said.

This latest incident comes less than two weeks after a major global IT outage disrupted millions of devices globally.

A flawed update by cybersecurity firm CrowdStrike was identified as the source of the issue, which severely disrupted operations for thousands of businesses and service providers globally.

The incident saw millions of Windows devices affected, with users reporting being met with the ‘blue screen of death’. Remediation efforts have been non-stop since the incident, which in many cases required manual resets for devices.

RELATED WHITEPAPER

Donny Chong, director at Nexusguard, told ITPro that the latest outage highlights the significant impact DDoS attacks can have on critical services and stands as a warning for enterprises globally.

“The Microsoft outage demonstrates the ease at which DDoS actors can wreak havoc against critical business services,” he said. 

“Anyone can carry out an attack of this magnitude from their own bedroom if they have the right equipment. While no company can guarantee the always-on availability of its cloud services, customers of these services have high expectations today, and that’s exactly what attackers are counting on.”

Stephen Robinson, senior threat intelligence analyst at WithSecure, echoed Chong’s comments, adding that while the outage was smaller in scale compared to the recent global disruption, it still showcases the fragility of critical services.

“Modern online services are built on stacked layers of dependencies, and in a significant proportion of service stacks you will find Microsoft services,” he said.

“One of the affected Microsoft services, Entra, is used to allow people to log on to services and websites, and without it, users are not able to log in,” Robinson added. “As such, while this outage only lasted for a short time and affected a subset of services, the impact was still noticeable to many people."

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.