There’s fresh grief for Microsoft on the heels of its CrowdStrike chaos.
Many New Zealand customers could not access Outlook and Teams this morning. Down Detector had 3200 reports of Microsoft outages around New Zealand at about 8.30am. Around 9.45am, customers across multiple organisations said services were coming back online.
The trouble came just hours after Microsoft suffered global problems to a cyber attack.
A Microsoft spokeswoman told the Herald at 10.30am: “Microsoft is still investigating at this stage. We do have confirmation it’s not related to the previous DDoS attack, as it is only affecting NZ.”
At 12.30pm, the Microsoft spokeswoman updated: “We are working to restore access to a limited amount of services in New Zealand.”
Herald publisher NZME was able to resolve the issue by switching from a Spark broadband connection to one with another provider. However, the telco said it was not a Spark-specific issue.
Although Down Detector had a surge of Microsoft 365 outage reports at 8.30am as people arrived in offices, Microsoft first flagged a potential issue to corporate customers in a 2.05am update, in which it said it was investigating “A potential issue with general access or latency [lag] issues with Microsoft 365 issues”.
A 7.49am Microsoft update said, “We’re receiving reports of issues impacting various Microsoft 365 services including but not limited to Exchange Online, Outlook and Microsoft Teams within New Zealand.
An 8.27am update said: “We’ve rerouted network traffic to alternate infrastructure and are seeing improvements in service availability.”
DDoS attack
On Wednesday, Microsoft suffered around 10 hours of global disruption.
The company said the “initial trigger event” for the outages was a distributed denial of service (DDoS) attack – a spike in usage caused by millions of bots controlled by a hacker, flooding a service with traffic until it can no longer cope.
Data is not put at risk during a DDoS attack, but the spike in connection requests effectively blocks services to others. Security experts have likened it to sheep blocking a road.
Microsoft said a configuration error in the rollout of its own defences to prevent the attack “amplified the impact of the attack rather than mitigating it”.
On July 23, a faulty update with CrowdStrike’s cybersecurity software threw some 8.5 million PCs running Microsoft Windows into the “Blue Screen of Death”.
Although accounting for less than 1% of Microsoft customers, many affected clients were in banks, airlines and other critical services.
Microsoft is close to completing a giant “hyper-scale” data centre in Auckland’s northwest. It will be the first time the tech giant has had one of its cloud “server farms” located in NZ.
Take your Radio, Podcasts and Music with you