Security News > 2022 > August > Microsoft 365 outage triggered by Meraki firewall false positive
An ongoing outage affects multiple Microsoft 365 services, blocking users from connecting to Exchange Online, Microsoft Teams, Outlook desktop clients, and OneDrive for Business.
While Microsoft says that this incident has only affected customers in the EMEA region, users have been reporting server connection issues and sign-in failures worldwide.
Our investigation is focused on a potential issue where legitimate Microsoft traffic is being blocked across multiple regions.
While Microsoft says it's still investigating the issue, this ongoing outage is most likely linked to a Cisco Meraki firewall Intrusion Detection and Prevention false positive blocking Microsoft 365 connections with "Microsoft Windows IIS denial-of-service attempt" alerts.
"We would like to make you aware of a vulnerability reported by Microsoft CVE-2022-35748, triggering SNORT rule 1-60381," a Cisco Meraki employee said on Wednesday.
As shared by multiple customers who managed to work around this issue, admins who want to restore Microsoft 365 connectivity on impacted systems can add IPS rule ID 1-60381 to the allow list from their organization's Meraki dashboard > Security & SD-WAN > Threat Protection > Allow List rules.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-31 | CVE-2022-35748 | Unspecified vulnerability in Microsoft products HTTP.sys Denial of Service Vulnerability | 0.0 |