Microsoft's Tough Friday: Software giant battles hackers, malware, and a cloud outage
- 25 February, 2013 14:52
While workers at many companies were ending their work week Friday, Microsoft techs were scrambling to put out operational fires.
Late on Friday afternoon, Microsoft discovered that its worldwide Azure cloud service had gone offline when an expired security certificate prevented users from accessing the network.
Meanwhile, the company also found that a malware infection previously discovered on internal computers at Facebook, Apple, and Twitter had crept into its in-house systems, too.
All encrypted traffic on Azure was disrupted when an SSL certificate expired, Microsoft explained on a company website. Unencrypted traffic was unaffected by the certificate snafu, the company added.
Service was almost totally restored by Saturday morning.
While the outage caused lots of grumbling on Microsoft's online forums, contributor Brian Reischl accepted the mishap with a wry sense of humor.
"Might want to fix that, ASAP," he wrote after a "certificate expired" message appeared on his computer screen. "It also wouldn't hurt to put a sticky note on someone's monitor so they remember to update that before it expires next time."
Outages aren't new to Azure users. A year ago, the system went down. A certificate was the root cause of that outage, too. In addition, Western European users lost service due to a configuration issue in July 2012.
Malware makes inroads
Along with its Azure woes, Microsoft also discovered that some of the computer systems in its Mac business unit had been infected with malware pushed to them through a vulnerability in Oracle's Java programming language.
According to Ian Sefferman, owner of a popular iPhone developers' site, the site's systems were unaffected by the malware, which infects a visitor's computer through a "drive-by" attack.
The attack exploits a vulnerability found when running Oracle's Java programming language in a browser.
Following the news of the Facebook and Apple exploits, both Oracle and Apple quickly moved to address the situation with security updates. Either Microsoft didn't install those updates or the infections were discovered before the updates could be installed.
Java's hot water
Java is no stranger to security holes. A critical vulnerability in Java 6 that had already begun to be exploited in the wild was plugged in 2010. Nine more critical fixes for that version of the program were released in 2011. Apple's Java fixes this week included one for Java 6, which is the last version of the program shipped from the factory with Apple computers.
When Oracle released a new version of the software, version 7, things didn't improve. Security holes began popping up in that version, too, and continue to pop up to this day.
Although the recent attacks on high tech companies follow revelations of data pilfering forays into major U.S. media outlets allegedly by Chinese byte bandits, it has been reported by Bloomberg that the attacks on the technology companies may have been perpetrated by a gang of East European hackers.