Microsoft: Latest outage was sparked by cyber attack on Azure platform

31 July 2024, 11:04

Microsoft logo outside company offices
Cyber attack caused outage says Microsoft. Picture: PA

The tech giant said an attempt to flood its platform with traffic and knock it offline, and an error in its defences, caused the outage on Tuesday.

Microsoft has revealed the service outage which affected some of its apps and features on Tuesday was sparked by an attempted cyber attack.

The US technology firm said initial problems on its Azure cloud platform had been triggered by a distributed denial-of-service (DDoS) attack, where bad actors try and knock a platform offline by flooding it with traffic until it can no longer cope.

The issue has been resolved, Microsoft said, but the company confirmed its initial investigations had found that an error in the rollout of its own defences to prevent the attack “amplified the impact of the attack rather than mitigating it”.

In an update posted to its Azure status website, Microsoft said an “unexpected usage spike” had caused performance issues on parts of its Azure platform, for which the company said the “initial trigger event” had been the DDoS attack that “activated our DDoS protection mechanisms”, but these protections had initially made things worse, before the firm made “network configuration changes” to relieve and eventually help solve the issue.

The incident on Tuesday saw thousands of users report issues accessing a range of Microsoft services, with service status website DownDetector reporting user-flagged issues with Microsoft Teams, Xbox Live and other services.

Other websites were also affected, with banking giant NatWest apologising to customers whom it said had been unable to access some of its webpages, while Oxford United Football Club posted to X to confirm the issue was preventing online members from accessing online ticketing and club shop services.

The incident came less than two weeks after a major IT outage knocked global infrastructure including transport and healthcare services offline because a flawed software update from cybersecurity firm CrowdStrike affected Microsoft devices.

Adam Pilton, senior cybersecurity consultant at Cybersmart, said: “It’s not unsurprising to see that Microsoft has been subject to a denial-of-service attack, I imagine this is a frequent event for them. What is surprising is that it was successful.

“Microsoft have confirmed they do have DDoS protection in place which is what we would expect, however the protection they did have in place was misconfigured which in fact ended up amplifying the attack.

“This has been fixed and Microsoft have said they will be publishing an incident review within 72 hours sharing greater detail on what has happened. The fact this misconfiguration happened and was in effect exploited is concerning and understanding how Microsoft allowed this to happen will be crucial in ensuring if businesses can maintain confidence in them.

“For those affected they lost access to some of their Microsoft services for up to 10 hours. This is now the second reminder in two weeks of the importance of having business continuity planning in place. Whether a specific piece of software is unavailable or your entire network becomes unusable, you must have plans in place to ensure that your business can continue to work.

“It’s also a reminder of the reliance we have on big organisations. This may have impacted people indirectly whereby their supply chain was unable to fulfil demands placed on them. This in turn could be costly to business or simply damage business relationships.

“If businesses are to take one learning point from the past two weeks, it should be to have an incident response procedure in place, supported by a business continuity plan and test them. Ensuring that procedures work and that key stakeholders are able to execute them efficiently.”

By Press Association

More Technology News

See more More Technology News

Luke Littler gesturing to the crowd

Luke Littler and Oasis among top-trending Google searches in UK in 2024

A ChapGPT logo on a smartphone

OpenAI launches video generation tool Sora

An Amazon Echo Show device on a wall

Taylor Swift and Bitcoin named among the most popular Alexa queries of 2024

The Chat GPT website

OpenAI unveils new 200 dollars-a-month ChatGPT Pro subscription

The lights on the front panel of a broadband internet router

Full-fibre broadband reaches nearly 70% of UK homes – Ofcom

UK trials first interactive public breathalyser to curb drink-driving during festive season.

UK pub debuts first interactive breathalyser to help tackle drink-driving during festive season

A child using a mobile phone

Parents urged to be vigilant about children’s online safety over Christmas

Alder Hey Children's Hospital in Liverpool

Data from hospital cyber attack ‘could be released before NHS can investigate’

British singer Charli XCX dressed in a black dress and dark sunglasses at the Royal Academy of Arts Summer Exhibition Preview Party 2023 – London

Brat summer and ‘demure’ make-up feature in TikTok’s top trends of 2024

A woman using her mobile phone

Virgin Media O2 expands National Databank access to all O2 stores

Exclusive
Ministers are looking at relaxing the Tory government's TikTok ban in a bid to woo younger voters online, LBC understands.

Ministers eye TikTok comeback to reach younger voters despite security concerns

Telegram Messenger stock

Telegram to work with internet watchdog on child sexual abuse material crackdown

The GCHQ building in Cheltenham (GCHQ)

‘Broader and deeper’ online risk to UK from criminals and state-backed hackers

Riot police at a demonstration outside a hotel in Rotherham (

Oversight Board to examine Facebook posts about summer riots

The Microsoft logo

Microsoft facing £1 billion legal claim from UK businesses

A rendering of a computer chip with a human brain image superimposed on it

Most people happy to share health data to develop artificial intelligence – poll