Double Trouble: DDoS and Internal Errors Cause Major Microsoft Azure Outage
Yesterday, Microsoft’s cloud computing service, Microsoft Azure, experienced another outage. Since many of Microsoft’s services, especially Microsoft 365, also run on Microsoft Azure, the outage affected all Microsoft 365 services, such as OneDrive and Outlook.
Microsoft subsequently revealed that the outage was caused by a combination of a DDoS attack and errors within the Microsoft cloud computing platform. When the DDoS attack occurred, Azure’s automatic protection mechanisms were activated. However, instead of mitigating the problem, these mechanisms exacerbated the outage’s impact. Multiple online services, including the Azure portal itself, encountered issues following the attack.
In a status log, Microsoft explained that the initial trigger for the event was the DDoS attack. Microsoft then adjusted network configurations to mitigate the attack and initiated failover procedures. Preliminary investigations indicated that the deployed mitigation measures amplified the attack’s impact.
A DDoS (Distributed Denial of Service) attack overwhelms a target server with a massive number of requests, typically sent from a botnet controlled by hackers. Additionally, hackers can exploit certain vulnerabilities in the TCP protocol to amplify their attacks.
Under normal circumstances, small-scale DDoS attacks do not affect Azure. Cloud platforms like Azure face billions of attacks daily, most of which are successfully mitigated. However, this time, an issue with Microsoft’s updates magnified the impact.
Microsoft has not yet disclosed detailed information about the incident. It has promised to release a preliminary incident review within 72 hours and a comprehensive internal review within 14 days, followed by a public report on the entire incident.