Azure and Office 365 disruptions traced to Distributed Denial of Service (DDoS) assault

The organization admitted their actions during the outage could have exacerbated the problem.

Azure and 365 services disruption linked to Distributed Denial of Service (DDoS) assault confirmed by Microsoft

Microsoft's cloud services faced an unexpected setback on Tuesday, as an eight-hour outage affected the Azure portal, some Microsoft 365, and Microsoft Purview services. The outage was caused by a DDoS attack and an unexpected spike in usage, leading to intermittent errors, spikes, and timeouts in Azure Front Door and Azure Content Delivery Network.

The DDoS attack, reminiscent of one that occurred in July 2024, disrupted Azure and Microsoft 365 services for hours, revealing a flaw in Microsoft's defense handling. However, no further details about the nature of the attack or the exact services affected by the failovers were provided.

Subsequent attacks in 2025 have focused more on exploiting vulnerabilities, mainly in SharePoint and Exchange Server, allowing attackers to gain unauthorized access or escalate privileges. These could degrade service availability, data security, and privileged account integrity across Microsoft cloud platforms, including Microsoft 365 and related services.

In July 2025, a critical remote code execution vulnerability (CVE-2025-53770) in on-premises SharePoint servers was actively exploited. Attackers bypassed identity controls like multi-factor authentication and established persistent backdoors, leading to significant data exfiltration risks.

In August 2025, a serious privilege escalation vulnerability (CVE-2025-53786) in Microsoft Exchange Server hybrid deployments was disclosed. This flaw could allow attackers with administrative on-premises access to escalate their privileges and compromise an organization’s cloud and hybrid infrastructure.

Upon learning of the incident, Microsoft made networking configuration changes to support its DDoS mitigation. The DDoS attack began on Tuesday and was mitigated by Microsoft around 10 a.m. EST, approximately three hours after it started. Some customers reported less than 100% availability after the initial networking configuration changes, and Microsoft responded with an updated mitigation strategy.

The outage occurred less than two weeks after a global IT outage involving 8.5 million Windows devices due to a defective software update from CrowdStrike's Falcon security platform. No details about the scope of the CrowdStrike software update issue or its subsequent global outage were provided in the article.

Microsoft plans to conduct a preliminary review of the incident within 72 hours and a final review within two weeks to identify the cause and improve response. Donny Chong, director at NexusGuard, stated that the Microsoft outage demonstrates the potential for DDoS actors to disrupt critical business services.

While no explicit reports link these recent exploits to disruption or compromise of Microsoft Purview, given its integration with Microsoft 365 and Azure, vulnerability exploitation in core services could represent indirect risks. No information about any potential impact on users or businesses was mentioned in the article.

According to the news sources, the DDoS attack on Microsoft's cloud services in August 2025 exposed a weakness in Microsoft's cybersecurity defenses, similar to the incident that occurred in July 2024. The tech giant faces ongoing challenges as cybercriminals increasingly focus on exploiting vulnerabilities in technology systems, particularly in SharePoint and Exchange Server.
