Microsoft's Tough Friday: Software giant battles hackers, malware, and a cloud outage

Software giant Microsoft saw its Azure cloud service crash, its Mac systems hacked, and a malware intrusion.

While workers at many companies were ending their work week Friday, Microsoft techs were scrambling to put out operational fires.

Late on Friday afternoon, Microsoft discovered that its worldwide Azure cloud service had gone offline when an expired security certificate prevented users from accessing the network.

Meanwhile, the company also discovered that a malware infection already discovered on internal computers at Facebook, Apple, and Twitter had crept into its in-house systems, too.

Azure fails

All encrypted traffic on Azure was disrupted when an SSL certificate expired, Microsoft explained at a company website. Unencrypted traffic was unaffected by the certificate snafu, the company added.

Service was almost totally restored by Saturday morning.

While the outage caused lots of grumbling on Microsoft's online forums, contributor Brian Reischl accepted the mishap with a wry sense of humor.

"Might want to fix that, ASAP," he wrote after a "certificate expired" message appeared on his computer screen. "It also wouldn't hurt to put a sticky note on someone's monitor so they remember to update that before it expires next time.

Outages aren't new to Azure users. A year ago, the system went down. A certificate was the root cause of that outage, too. In addition, Western European users lost service due to a configuration issues in July 2012.

Malware makes inroads

Along with its Azure woes, Microsoft also discovered that some of the computer systems in its Mac business unit had been infected with malware pushed to them through a vulnerability on Oracle's Java programming language.

Similar infections have been detected at Twitter, Facebook and Apple. A common denominator of the infections is they all seem to have originated at a single developer's website,

According to Ian Sefferman, owner of a popular iPhone developers'site, the site's systems were unaffected by the malware, which infects a visitor's computer through a "drive-by" attack.

The attack exploits a vulnerability found when running Oracle's  Java programming language in a browser.

Following the news of the Facebook and Apple exploits, both Oracle and Apple quickly moved to address the situation with security updates. Either Microsoft didn't install those updates or the infections were discovered before the updates could be installed.

Java's hot water

Java is no stranger to security holes. A critical vulnerability in Java 6 that had already begun to be exploited in the wild was plugged in 2010. Nine more critical fixes for that version of the program were released in 2011. Apple's Java fixes this week included one for Java 6, which is the last version of the program shipped from the factory with Apple computers.

When Oracle released a new version of the software, version 7, things didn't improve. Security holes began popping up in that version, too, and continue to pop up to this day.

Although the recent attacks on high tech companies follow revelations of data pilfering forays into major U.S. media outlets allegedly by Chinese byte bandits, it has been reported by Bloomberg that the attacks on the technology companies may have been perpetrated by a gang of East European hackers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags Microsoftmalwarecloud storage

More about AppleApple.BloombergFacebookMicrosoftOracle

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by John P. Mello Jr.

Latest Videos

More videos

Blog Posts