REDMOND, Wash. – On Saturday, January 27, 2001 at around 10:15 a.m. PST, Microsoft began to experience another denial of service attack. As a result of this attack, some customers experienced intermittent delays in accessing websites for two 15-minute periods
in the late morning.
Rick Devenuti, Vice President and Chief Information Officer Of
Microsoft Corp. issued a following statement:
“We regret the inconvenience this attack has caused to our customers.
Microsoft took immediate action to deal with the attack and restore normal
operations. All sites were up and running normally by 12:30 p.m. Pacific time.
This attack was similar to Thursday’s attack, in which someone attempted
to block legitimate access to our Web properties by flooding our network
routers with large volumes of bogus requests. This attack was not related to
the security or reliability of any Microsoft product. In fact, no Microsoft
product was targeted as part of the attack. This attack was not an attempt at
intrusion, and no customer data was compromised in any way. Microsoft’s Web
servers and other Internet services running on Microsoft products continued to
operate normally during this event.
Microsoft accepts full responsibility for the inconvenience that our
customers have experienced over the past couple of days.
Through the experience of the past several days, we’ve learned some
significant lessons. In the past, Microsoft has focused on understanding and
protecting against attacks on Microsoft products in order to provide a better
set of Internet services to customers and a more robust and secure set of
products for enterprise customers. Unfortunately, as we have learned over the
last few days, we did not apply sufficient self-defense techniques to our use
of some third-party products at the front-end of parts of our core network
infrastructure.
Through the painful lessons we’ve learned this week, we’ve already taken
steps to change the architecture of our network infrastructure to improve its
reliability and availability for customers. We will continue to examine our
infrastructure architecture and processes in order to further safeguard our
network resources and provide a great experience for our customers.
It’s unfortunate that anyone would engage in this kind of illegal
activity. We are continuing to work with the FBI to identify those responsible
for this situation. Microsoft regrets any inconvenience to our customers.”
We will continue to monitor this situation closely and will keep our readers up
to date with any new information as it becomes available.