Microsoft: Yesterday's Azure and 365 server outage was caused by a DDoS attack ... at least at first


What you need to know

  • Microsoft's Azure data center infrastructure suffered an outage yesterday. 
  • Services powered by Azure systems suffered downtime, including those of banks and other major businesses. Microsoft's own services, like Outlook, were also disrupted.
  • Microsoft was quick to mitigate the outage, and today, issued an explanation for the downtime. 
  • A distributed denial of service (DDoS) attack triggered the initial outage, but then Microsoft amplified the issues with a faulty mitigation measure.  
  • Microsoft apologized for the downtime. 

Cybersecurity is a hot topic right now, and Microsoft often finds itself in the crosshairs. 

Last week, a massive and unprecedented flaw in CrowdStrike endpoint protection software killed millions of computers and kiosks worldwide, leading to widespread disruption for various critical infrastructure businesses. Airlines, banks, and more suffered downtime, causing chaos for customers and billions in losses globally. CrowdStrike has also lost billions in market capitalization after the event, prompting Microsoft to lead calls to close off regulator-mandated vendor access to the Windows kernel.

For IT departments impacted by the downtime, a new Azure outage was probably the last thing they wanted to see across their desk first thing in the morning. Alas, that's what happened. 

Yesterday, Azure and services tied to Microsoft's data center infrastructure suffered a global outage, hitting thousands of businesses worldwide. Email access and other systems like authentication services failed, causing another spree of widespread disruption. Microsoft was fairly quick to rectify the issue, thankfully, and has today offered a broader explanation:

"An unexpected usage spike resulted in Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components performing below acceptable thresholds, leading to intermittent errors, timeout, and latency spikes," the status page reads. "While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack, which activated our DDoS protection mechanisms, initial investigations suggest that an error in the implementation of our defences amplified the impact of the attack rather than mitigating it."

Simplified, a DDoS ("distributed denial-of-service") attack is one in which an attacker sends millions, maybe billions, of bogus requests at server infrastructure, overloading the system. Typically these attacks are delivered by botnets, where malware-infected computers join in on the attack simultaneously in a co-ordinated manner. Microsoft states that its systems weathered the initial wave of attacks, but ironically it was its own preventative measures that exacerbated the attack rather than mitigating it.

Microsoft's Azure infrastructure is incredibly robust against these types of attacks, which have increasingly been utilized by hostile state-backed hacking groups to attack domestic infrastructure in recent years. Groups associated with Russia, North Korea, and China are often held responsible, although Microsoft has yet to assign any blame for this particular effort.

Diversifying global IT infrastructure


Azure is one of the world's biggest cloud services, and is frequently the target of state-backed cyber attacks.  (Image credit: Microsoft)

Cyber attacks of all shapes and sizes are evolving all the time, and so too must the tools used to defend against them. Microsoft is at the forefront of this battle, naturally, owing to its global server apparatus and its status as a service provider to nation states and defence departments. Microsoft has been contributing to Ukraine's cyber defence effort, for example, and provides infrastructure to the U.S. defence department. It has also been the victim of Russia-backed cyber attacks, including communication theft, which has resulted in embarrassing hits to its cybersecurity credibility.

We don't know a lot of details about yesterday's particular outage in terms of blame, but the fact that Microsoft admitted that its own preventative measures amplified the issues is likely to lead to more questions about priorities. With the age of AI platforms helping hostile actors automate some of their processes, I suspect cybersecurity is going to be an increasingly hot topic in the coming years.

Jez Corden
Executive Editor