DDoS Attack Triggers New Microsoft Global Outage

A global outage of Microsoft services was started by a Distributed Denial-of-Service (DDoS) attack, the tech giant has revealed.

An error in Microsoft’s DDoS protection measures then amplified the impact of the attack rather than mitigating it, the firm admitted.

The outage lasted for around 10 hours, between approximately 11.45 UTC and 19.43 UTC on July 30, 2024.

During this time customers reported issues with a range of Microsoft platforms, including Outlook, Azure and the video game Minecraft. Microsoft cloud systems Intune and Entura were also impacted.

Multiple organizations have reportedly been impacted, including banks, courts and utility services.

Microsoft acknowledged that “a subset of customers may have experienced issues connecting to a subset of Microsoft services globally.”

Unexpected Usage Spike Triggers Microsoft Azure Outage

Microsoft described an “unexpected usage spike” that resulted in Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components performing below acceptable thresholds, leading to intermittent errors, timeout and latency spikes.

Microsoft apologized to customers for the issues on its X (formerly Twitter) account. It also promised to publish Preliminary Post Incident Review (PIR) within approximately 72 hours to share more details on what happened and the response.

Commenting on the incident, Stephen Robinson, Senior Threat Intelligence Analyst at WithSecure, said that while this outage only lasted for a short time and affected a subset of services, the impact was still noticeable to many people.

“Modern online services are built on stacked layers of dependencies, and in a significant proportion of service stacks you will find Microsoft services,” explained Robinson.

The problems occurred less than two weeks after an error on a software update for the CrowdStrike Falcon product caused an outage of Windows operating systems across the world.

In response to the incident, Microsoft implemented networking configuration changes to support its DDoS protection efforts and performed failovers to alternate networking paths to provide relief.

These initiatives mitigated the majority of the impact by 14.10 UTC, Microsoft said. An updated mitigation approach was then rolled out across Asia Pacific, Europe and the Americas, with normal service levels resumed globally by 19.43 UTC.

The incident was declared as mitigated at 20.48 UTC.

Image credit: JeanLuclchard / Shutterstock.com