Microsoft systems went down once again, in what one expert described as a “surreal” fiasco, happening just a fortnight on from the last outage.
This time, the tech giant is less able to point the finger of blame at an external proprietary software provider such as CrowdStrike.
Different Flavor of Issue
The outage had a different origin, and has affected a number of Microsoft services, with several companies issuing statements about their systems being down.
It affected a diverse collection of companies, from a video game to a Dutch soccer club.
CrowdStrike Outage
The CrowdStrike outage was a widespread software outage which affected Microsoft devices that began on July 19.
It affected around 8.5 million devices and caused chaos in airports and health systems across the world.
Delta May Sue
Delta Air Lines lost a reported $350-500 million over the course of the CrowdStrike outage, and may be looking to recoup some of the lost revenue from Microsoft and CrowdStrike.
They hired a top lawyer from Harvey Weinstein’s law agency, Boies Schiller Flexner, but have not yet formally announced a case against the tech firms.
Latest Outage Initiated By Malicious Actor
The latest outage, rather than being caused inadvertently by an update bug, was, this time, initiated by a Distributed Denial-of-Service (DDoS) attack.
A DDoS attack works by hitting a website with a large amount of traffic, all at once, to render it functionless.
Should Expect Better From Microsoft
Professor Alan Woodward, a computer security expert speaking to the BBC, was unimpressed by Microsoft’s lacking infrastructure.
He said: “It seems slightly surreal that we’re experiencing another serious outage of online services from Microsoft. You’d expect Microsoft’s network infrastructure to be bomb-proof.”
Apology For Extended Outage
Microsoft has issued an apology for the extended outage, which lasted around 10 hours.
It affected Microsoft 365 products, Microsoft Azure, Intune, and Entra.
Bungled Fix Exacerbated Issue
Microsoft issued a fix on Azure that, rather than mitigating the adverse effects of the attack, actually increased them.
“Initial investigations suggest that an error in the implementation of our defences amplified the impact of the attack rather than mitigating it,” Microsoft said, on their website.
Diverse Victims
The outage affected a diverse group of organizations, which included the video game Minecraft, where users had trouble logging in.
It also affected a Dutch soccer team, FC Twente, which had to issue a statement warning fans that they would be unable to buy tickets for some time.
Not Perfect Timing
The attack, which may have been performed by a hacktivist group, came at an opportune time, and not just because of the July CrowdStrike failure.
It also came just a manner of hours before Microsoft released its latest financial report.