A cyberattack has caused an outage on Microsoft’s premier cloud infrastructure, Azure.
This news comes less than two weeks after the CrowdStrike outage disrupted over 8.5 million computers worldwide.
According to an official statement from Microsoft Azure, a distributed denial-of-service (DDoS) attack triggered an outage between 11:45 UTC and 19:43 UTC.
“An unexpected usage spike resulted in Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components performing below acceptable thresholds, leading to intermittent errors, timeout, and latency spikes. “
This triggered Microsoft’s DDoS security mechanisms. More crucially, Microsoft admitted its “initial investigations suggest” that the error was in the implementation of said mechanisms. According to Azure, this failed to mitigate the attack and instead enhanced its impact.
Upon noticing the outage, Microsoft reported that it had begun resolving the issue and had made some significant progress within a few hours, mitigating “a majority” of the cyberattack’s impact. After rolling out updates via alternative network paths, the attack was declared “mitigated at 20:48 UTC”.
Microsoft reports here will be a full retrospective report on the incident, and the team aims to post the preliminary review in the next 72 hours, with a comprehensive report rolled out within 14 days.
Azure is Microsoft’s key revenue driver, growing 30% year over year. Thus, the outage has had an arguably broader impact, though potentially less harmful, than the CrowdStrike outage. This is simply because access to Azure isn’t restricted to Windows computers.
Naturally, swathes of Microsoft’s 365-related offerings were hit with degraded performance and access issues. The outage also saw banks such as NatWest, major retailers like Starbucks, and other major institutions reporting difficulties .
However, it wasn’t just infrastructure that was affected. Notably, both Xbox Live and Minecraft were hit with service disruptions. This affected millions of players worldwide. The outage also affected the UK’s HM Courts and Tribunals Service, which is responsible for criminal, civil, and family courts, and tribunals in England and Wales.
Microsoft Azure’s 10-hour outage comes less than two weeks after the CrowdStrike update crashed 8.5 million Windows computers worldwide.
This doesn’t bode well for Microsoft’s ongoing antitrust investigations by European Union (EU) and U.S. regulators. Microsoft faces an uphill battle to win back confidence from consumers and regulators alike.
Dubbed “the largest IT outage in history,” the CrowdStrike debacle cast doubt on Microsoft’s role as a digital infrastructure provider. Now, there is even more evidence to suggest that big tech is indeed “too big.”