Microsoft hit by new Azure outage that started as DDoS cyberattack

Error in Microsoft’s automated protection mechanisms worsened the impact

The latest outage comes after a recent problem that affected systems running Microsoft Windows linked to a faulty CrowdStrike cybersecurity software update
The latest outage comes after a recent problem that affected systems running Microsoft Windows linked to a faulty CrowdStrike cybersecurity software update

Microsoft said an outage of Azure cloud applications was triggered by a distributed-denial-of-service cyberattack, hours before the company was due to report its financial results.

The DDoS attack began early Tuesday and an error in Microsoft’s automated protection mechanisms worsened the impact rather than mitigating it, the company said in a status update.

Customers were affected in multiple regions, including services running on Azure. For example, mobile ordering at Starbucks was disabled for hours because of the issues affecting Azure, according to a person familiar with the matter.

Denial-of-service attacks direct internet traffic at a website in mass volume to disrupt it or shut it down. The incidents have become a persistent annoyance for financial institutions, causing intermittent downtime and forcing security staffers to repel the activity.

READ MORE

Reports of outages on Azure and Microsoft 365 began to spike shortly after 7am in New York and comprised hundreds of complaints at the incident’s peak, according to user reports compiled by Downdetector. Microsoft said the incident was fixed by about 5pm in New York.

The issue also affected multiple Microsoft 365 services and features, Microsoft said in a post on social network X. Microsoft 365 includes common productivity applications like Outlook, Word and Excel.

Mobile ordering for Starbucks had largely been restored by about 1pm in New York. The company was working to address limited interruptions that continued, a Starbucks spokesperson said.

Earlier this month, some 8 million computers running on the Windows operating system crashed after the cybersecurity firm CrowdStrike Holdings released a flawed software update. In addition, Microsoft has also been grappling with the fallout from a series of cyberattacks that prompted the US government to issue a scathing report calling for companywide changes.

Microsoft chief executive Satya Nadella touted progress in the company’s cybersecurity products during a conference call Tuesday after the company reported quarterly earnings. He said the company has more than 1.2 million security customers.

“We continue to prioritise security above all else,” Mr Nadella said.

The cloud-computing service posted a slowdown in quarterly growth, disappointing investors anxious to see a payoff from huge investments in artificial intelligence products.

Revenue from Azure, Microsoft’s main growth engine in recent years, rose 29% in the fiscal fourth quarter, compared with a 31% jump in the previous period. About 8 percentage points of the increase in the recent period was attributable to AI, up from 7 percentage points in the prior quarter.

On a call with analysts Tuesday, chief financial officer Amy Hood said that although Azure growth will continue to slow in the current quarter, which ends in September, investments in data centers and servers will let the company capitalise on demand and accelerate Azure growth in the second half of fiscal 2025.

In the fourth quarter, which ended June 30th, capital expenditures — closely watched by investors as the company embarks on its historic AI build-out — jumped to $19 billion, including server farm leases, from $14 billion in the previous quarter. That number will increase in the new fiscal year, Hood said. - Bloomberg