Microsoft DDoS defence error amplifies attack impact on Azure services

Microsoft said an error in how it had implemented DDoS defences contributed to global issues experienced with some Azure and Microsoft 365 services overnight.

The vendor said a distributed denial-of-service (DDoS) attack was the initial cause of problems with its content delivery services, Azure Front Door and Azure CDN.

The attack triggered DDoS protection mechanisms on Microsoft’s end, but the vendor said that “initial investigations suggest that an error in the implementation of our defences amplified the impact of the attack rather than mitigating it.”

The vendor made “network configuration changes to support … DDoS protection efforts and performed failovers to alternate networking paths to provide relief.”

The issues began at 11:45 UTC (9.45pm AEST) and were resolved at 19:43 UTC (5.43am AEST).

Microsoft said that impacted services included “a subset” of M365 and Purview services, as well as App Services, Application Insights and the Azure portal itself, among others.

The vendor said it will publish a more detailed preliminary post-incident report later in the week.

Microsoft DDoS defence error amplifies attack impact on Azure services

Microsoft DDoS defence error amplifies attack impact on Azure services

Microsoft DDoS defence error amplifies attack impact on Azure services

Microsoft DDoS defence error amplifies attack impact on Azure services

Microsoft DDoS defence error amplifies attack impact on Azure services