Microsoft Azure Cloud Storage Suffers Major Outage Over Expired SSL Certificate

Various news outlets reported late Friday that Microsoft’s public cloud storage service suffered a global outage due to a lapsed security certificate.Beginning around 4 p.m. EST, developers and other Azure customers began being blocked from accessing files.

Azure certificateVarious news outlets reported late Friday that Microsoft’s public cloud storage service suffered a global outage due to a lapsed security certificate.

Beginning around 4 p.m. EST, developers and other Azure customers began being blocked from accessing files.

“Storage is currently experiencing a worldwide outage impacting HTTPS operations (SSL traffic) due to an expired certificate,” according to a message on the Windows Azure Service Dashboard that remained posted Friday night. “HTTP traffic is not impacted. We are validating the recovery options before implementing them. Further updates will be published to keep you apprised of the situation. We apologize for any inconvenience this causes our customers.”

Some forum commenters initially mulled over possible causes and mitigation tactics, such as changing an app’s configuration to HTTP from HTTPS.

“So is it just me, or did the HTTPS certificate for Azure Storage just expire?” was one typical response. “Might want to fix that, ASAP. It also wouldn’t hurt to put a sticky note on someone’s monitor so they remember to update that before it expires next time.”

Wrote another: “I feel sorry for the person at Microsoft who will have to deal with this.  Looks like someone must be regenerating a new certificate and figuring out how to deploy it platform-wide right about now.  Pretty amazing that the entire Windows Azure storage platform is offline globally.”

It wasn’t a great day for the company in general, either. Earlier Friday Microsoft made news for joining a growing list of prominent tech companies to suffer a break-in by hackers who implanted malware on a reportedly small number of machines. Similar attacks occurred at Apple, Facebook and Twitter.

“Consistent with our security response practices, we chose not to make a statement during the initial information gathering process,” wrote Matt Thomlinson, general manager of the company’s Trustworthy Computing Security. “During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing.”

 

Suggested articles

Microsoft Patches 17-Year-Old Office Bug

Researchers warn of a Microsoft remote code execution bug that has persisted for 17 years in Office, leaving the OS unprotected until the vulnerability was patched Tuesday.